Bridgewater Associates, LP offers employees continuing health coverage (COBRA) when they separate from the firm. That coverage is administered by Ceridian, who maintain a database with the employees’ and their dependents’ names, addresses, dates of birth, Social Security numbers, and other benefit plan information (but no medical information). On or about April 11, a Bridgewater…
Man who tries to report breach to Sears finds himself talking to someone in India?
Here we go again. It’s bad enough to have an easily avoidable breach. It’s worse when you make it difficult for people to report it to you. Today’s entry in this Hall of Shame is Sears. Nesita Kwan reports personal information of hundreds of former Sears employees, including their Social Security numbers, photos, records with…
Rocky Mountain Spine Clinic fires employee who e-mailed patient information to her personal e-mail account
Matthew Patane reports that Rocky Mountain Spine Clinic announced Wednesday that a former employee was fired after creating a document with PHI on 532 patients that she sent to her personal email account. The document contained patient names, insurance company information and tracked patient surgeries. The employee, who worked for the clinic’s billing department, said she…
Employees of five client firms notified by Fidelity Investments that their data were exposed to the wrong parties
Fidelity Investments has reported a number of breaches this year, all involving exposure of information to the wrong people: On June 17, Fidelity notified the NH Attorney General’s Office that information (names and Social Security numbers) of Apria Healthcare plan members was accidentally included in a secure email sent to three employees of another client…
South Central Los Angeles Regional Center notifies clients after employee’s car with iPad stolen
South Central Los Angeles Regional Center notified consumers after an employee’s iPad containing names and UCIs (Unique Customer Identification?) had been left in a vehicle that was stolen on July 6. According to their web site, SCLARC is a private, non-profit, community based organization which contracts with the State Department of Developmental Services (DDS) to coordinate…
California Correctional Health Care Services notifies inmates of data breach
California Correctional Health Care Services has notified inmates of a privacy breach that occurred on June 19: On June 19, 2013, dental records were reported missing from a California Correctional Health Care Services (CCHCS) staff member’s possession while off the premises of a correctional institution. The missing documents contained information such as patient name, CDCR…