When I saw “US Airways” appear on California’s public breach report site, I thought it was going to be the ADP-related breach I reported last week. But no, it seems that US Airways had another breach, this one discovered on July 12. In an undated letter with a file creation date of August 2, Fernand…
E-mail gaffe exposed Ruby Tuesday employee financial data to a former employee
An e-mail gaffe by a Support Center employee Ruby Tuesday exposed current employees’ information to a former employee. The spreadsheet, inadvertently attached to the July 8 e-mail, contained employees’ names, Social Security numbers, bank name, bank account type, bank account numbers and routing numbers. Ruby Tuesday immediately tried to recall the e-mail, and contacted the recipient…
You’ve got mail: Someone else’s medical test results
Misdirecting e-mail with PHI is bad. Misdirecting it to a reporter, well, that’s just begging for bad press. Carolyn Y. Johnson reports: The first e-mail came at the end of June. It was from a doctor’s office in another state—a large cardiology group. The note listed the name of a test. It listed the full…
Huntington’s Disease Society of America notifies employees and donors of possible compromise of their information
On May 3, an intruder compromised the web mail account of an HDSA executive. The purpose was likely to facilitate a fraudulent wire transfer from HDSA’s bank account, as the transfer could only occur if an email sent to the executive’s account was approved. The attempt failed, as the executive discovered the compromise on May…
Retinal Consultants Medical Group notifies patients after laptop with PHI was stolen from their office
On June 7, Vitreo-Retinal Medical Group, Inc. (dba Retinal Consultants Medical Group) discovered that a laptop computer which was a component of a diagnostic imaging machine, was stolen sometime after the office closed on June 5. The laptop contained unsecured PHI including patient names, dates of birth, gender, race, and OCT (optical coherence tomography) images. In…
Details emerge on Medtronic breach
More details have emerged on the Medtronic breach noted previously on this blog. Christopher Snowbeck reports: In early July, the manufacturer notified patients about a box of training records that had gone missing from a facility in Minnesota, Resman said. Most of the documents and records in the box dated back to 2008 and were…