I’ve often pointed out how breach notification letters to those affected may omit details that consumers might want to know but breached entities probably prefer we not know. I came across another example today. Let’s start with what happened, as described by attorneys for Vector Security to the Maryland Attorney General’s Office. Vector Security provides…
21st Century Oncology employee stole patient information for tax refund fraud scheme – feds
Here’s one we may not see on HHS’s public breach list, depending on how many patients were involved. 21st Century Oncology Services, an affiliate of Peninsula Cancer Care Center and 21st Century Oncology of Maryland, notified the Maryland Attorney General in July that they had been informed by federal law enforcement of an insider breach…
The DEA Thinks You Have “No Constitutionally Protected Privacy Interest” in Your Confidential Prescription Records
Nathan Freed Wessler writes: The Drug Enforcement Administration thinks people have “no constitutionally protected privacy interest” in their confidential prescription records, according to a brief filed last month in federal court. That disconcerting statement comes in response to an ACLU lawsuit challenging the DEA’s practice of obtaining private medical information without a warrant. The ACLU has just filed its…
Medical Info for Sale Online
A report by Tisha Thompson and Rick Yarborough of the News4 I-Team makes a good point – that even when people know their PII is floating around or may be on black markets, they often have no clue their medical information or insurance information is also for sale on underground markets.The team interviewed one of the…
Alabama state employee sentenced for stealing info from state database for tax refund fraud scheme (updated)
An update to a case reported previously on this blog: Lea Tice Phillips, who had been employed by an unnamed Alabama state agency, was sentenced to 94 months in prison and ordered to pay restitution of $567,631 for her role in a tax refund fraud scheme. Phillips had pleaded guilty in May. Aha. Finally we know…
Kierkegaard & Perry Labs report hack through a “known bug” in their platform
I think it would be fair to say that Kierkegaard & Perry Labs, Inc’s breach notification to Maryland in July impressed me somewhat unfavorably. KPL was reporting a hack that had compromised some customers’ names, addresses, and credit card numbers with expiration dates and CVV codes. Their investigation revealed that 8 customers’ information was acquired (not…