Seattle University was contacted by a student who discovered that permissions for some folders in the university’s Microsoft Exchange folder system had been set incorrectly, allowing anyone with a university email address to gain access to the files in those folders. The university reports that 628 current and former students had personal information in those…
QCA Health Plan settles HHS charges stemming from laptop theft breach in October 2011
QCA Health Plan, Inc., of Arkansas, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, agreeing to a $250,000 monetary settlement and to correct deficiencies in its HIPAA compliance program. On February 21, 2012, HHS received notification from QCA regarding a breach of…
Concentra Health settles HHS charges over 2011 laptop theft breach, to pay $1.7M
Concentra Health Services (Concentra) has agreed to pay OCR $1,725,220 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, and will adopt a corrective action plan to evidence their remediation of these findings. The settlement stems from an incident on November 30, 2011 (previously reported…
Healthcare security stuck in Stone Age
Erin McCann reports: The new 2014 Verizon Data Breach Investigations Report highlights a concerning carelessness regarding privacy and security, specific to the healthcare industry. “They seem to be somewhat behind the curve as far as implementing the kinds of controls we see other industries already implemented,” said Suzanne Widup, senior analyst on the Verizon RISK…
How to lose a customer with one email gaffe, Tuesday edition
An Account Executive at Square wanted to introduce herself to clients in her area, so she sent a friendly email to them today: Hi there, I wanted to reach out to let you know my team realigned territories and I will be your new point of contact moving forward. I’d love to set up a call…
Iowa State IT staff discover unauthorized access to servers
Posted by Iowa State earlier today: Information technology staff at Iowa State University have discovered a breach affecting five departmental servers on campus. An extensive analysis has revealed the compromised servers contained Social Security numbers of 29,780 students enrolled at Iowa State between 1995 and 2012. There’s no evidence any of the data files were…