In my recent recap of new additions to HHS’s public breach tool, I noted an incident involving Summit Community Care Clinic. My summary of the breach log was: Summit Community Care Clinic in Colorado reported that 921 patients were affected by a Hacking/IT incident that occurred July 22. There is no statement or notice on their web…
Clark & Anderson accounting firm notifies thousands after unencrypted backup drive stolen from employee’s car
A Maryland accounting firm had to notify 2,906 Maryland residents after an unencrypted backup drive was stolen from an employee’s car at his home. The theft occurred on August 4, but Clark & Anderson, P.A. didn’t learn of it until August 8. In a letter dated August 30 to the Maryland Attorney General’s Office, they…
State Farm call center worker misused customers’ credit card information
Two days after a State Farm auto insurance customer made a payment on their insurance policy over the phone, the customer called State Farm back to report that their credit card information had been misused. State Farm investigated, and one month later, on September 4, the insurer notified the Maryland Attorney General’s Office that they…
Errors by both Sentry Life Insurance and the Department of Labor expose 401k participants’ information online
Sentry Life Insurance is a service provider for many companies’ 401k plans. In that capacity, they assist clients in the preparation of, and submission of, the plans’ Form 5500 to the Department of Labor. On July 2, Sentry discovered that some plans’ Form 5500 submissions to DOL contained an attachment with the individuals’ names, Social Security numbers,…
One year after data theft, Primedia (RentPath) employees and applicants notified of breach
I could have sworn I had posted something about the Primedia (formerly RentPath) breach, but maybe I just tweeted it and forgot to blog it. Thankfully, Jeff Goldman of eSecurity Planet provided a preliminary media report in June. This blog post incorporates an update to the incident. Back in May, attorneys for Primedia notified at…
Tri-State Surgical Associates notifies patients of a disclosure breach
Tri-State Surgical Associates in Elkton, Maryland recently notified patients of a disclosure breach involving their PHI. According to a letter sent by Drs. Lowe and Vaidy, when a physician left their practice in May, he reportedly asked a staff employee for patient contact information so that he could notify patients of his new practice location….