I was glad to see that Health Data Management followed up on a breach where the entity said it wasn’t a HIPAA breach and had no duty to notify: Responding to questions from Health Data Management, a Michigan Department of Community Health spokesperson said the compromised data “were not medical records and therefore, no notification…
Insider threat, redux
Tampa Bay Times reports: Federal authorities say employees at James A. Haley VA Medical Center and Tampa General Hospital stole patients’ identities in tax fraud schemes. Haley employee David F. Lewis is accused of taking the names and Social Security numbers of dozens of hospital patients and selling the information to people who used it to…
Nintendo rewards program site hacked, names, email addresses and phone numbers possibly compromised
Nick Summers reports: Nintendo admitted today that Club Nintendo, a loyalty program that gives players exclusive products in exchange for registering their consoles and games, has been hacked. The company launched an investigation on July 2 after witnessing a “large” number of errors on the site. Nintendo can now confirm that 23,9326 unauthorized log-ins occurred between June…
Confidential Hertfordshire County Council papers ‘found in street’
From BBC: A council has apologised after papers holding personal staff details were found discarded in a street. Liberal Democrat councillor Paul Zukowskyj said he saw Hertfordshire County Council documents outside a former adult care office in Hatfield. Derrick Ashley, cabinet member for resources, said the council apologised and would investigate how it happened. Mr…
Chinese University website hacked and personal data stolen
From the South China Morning Post: The personal information of 60 students and teachers in Chinese University’s mechanical engineering department has been stolen and transferred to an overseas website by hackers, police said. Names, login IDs, student and staff numbers and e-mail addresses were stolen from a website for the online submission of work in…
MAPCO Express sued over data breach
Another potential class-action lawsuit has been filed in response to the MAPCO Express breach, reported previously on this blog. The suit also names the convenience chain’s parent company, Delek U.S. Holdings Inc., as defendants. Read more on Tuscaloosa News. The complaint by Ian Yeager was filed on June 17, and an amended complaint (uploaded here)…