Over on HealthITSecurity.com, Patrick Ouellette has an article on data breach response trends. You can read it here.
Security breach at Opscode as attackers download databases
Iain Thomson reports: Opscode, the commercial side of the open source Chef configuration management tool beloved by Google, Facebook, and IBM, has warned customers that a flaw in an unnamed third-party application has left its wiki and ticketing system pwned. “The attacker gained escalated privileges and downloaded the user database for the wiki and ticketing…
Bridgewater Associates notifies former employees that their information was accessed by unknown individual
Bridgewater Associates, LP offers employees continuing health coverage (COBRA) when they separate from the firm. That coverage is administered by Ceridian, who maintain a database with the employees’ and their dependents’ names, addresses, dates of birth, Social Security numbers, and other benefit plan information (but no medical information). On or about April 11, a Bridgewater…
Man who tries to report breach to Sears finds himself talking to someone in India?
Here we go again. It’s bad enough to have an easily avoidable breach. It’s worse when you make it difficult for people to report it to you. Today’s entry in this Hall of Shame is Sears. Nesita Kwan reports personal information of hundreds of former Sears employees, including their Social Security numbers, photos, records with…
Rocky Mountain Spine Clinic fires employee who e-mailed patient information to her personal e-mail account
Matthew Patane reports that Rocky Mountain Spine Clinic announced Wednesday that a former employee was fired after creating a document with PHI on 532 patients that she sent to her personal email account. The document contained patient names, insurance company information and tracked patient surgeries. The employee, who worked for the clinic’s billing department, said she…
Employees of five client firms notified by Fidelity Investments that their data were exposed to the wrong parties
Fidelity Investments has reported a number of breaches this year, all involving exposure of information to the wrong people: On June 17, Fidelity notified the NH Attorney General’s Office that information (names and Social Security numbers) of Apria Healthcare plan members was accidentally included in a secure email sent to three employees of another client…