Michelle Dendy reports: G.H. Bass & Co. announced on Thursday that a small data capture device was attached to one of the cash registers in its Orlando store for a month. According to a release from G.H. Bass & Co., on Sept. 12 the company discovered an unauthorized person had connected a device to one…
Macomb County, Michigan notifies employees and dependents of business associate breach
Update: After this entry was posted, PHIprivacy.net received additional information indicating that there were actually two Macomb County Business Associates involved in the provision of the file to the County. “One of these two Business Associates is U.S. Health Holdings’ subsidiary Automated Benefit Services,” a spokesperson for the county’s communications firm tells PHIprivacy.net. “The breach did not occur at or by…
Ignoring leak reports and inquiries is just asking for trouble
This is an example of how NOT to secure patient information and how NOT to respond when you’re contacted about a vulnerability. Kevin Wetzel of SLC Security Services LLC posted a vulnerability report on Cape Fear Valley Health System in Fayetteville, NC. The vulnerability, first noted by SLC on August 26, was described as the entity leaking…
TX: 4,000 veterans personal information compromised
Jessica Soto reports: The South Texas Veterans Health Care System in San Antonio is notifying 4,000 Veterans whose personal information was compromised Wednesday. In an attempt to notify Veterans of the new federal rule of Hydrocodone combination, letters were inadvertently printed double-sided. On the front page one unique Veteran’s information was printed and another unique…
UK: Swale council blames human error for data protection breach
Hayley Robinson reports: Swale council has been forced to apologise and may face investigation after the email addresses of about 2,500 residents were sent out to the public. A blunder meant they were inadvertently shared on a message promoting an e-billing system. The emails were sent out in batches of 10, containing about 250 contact…
UK: UCL investigates ’email hack’ after mysterious ‘bello’ message from President is sent to students (UPDATED)
Robin De Peyer reports: A leading London university today launched a cyber security investigation after students received a mystery email from its President saying simply: “bello”. The account of University College London‘s Michael Arthur sent out the message to an “all students” address last night – prompting ridicule from those who received it. Dozens of…