Timothy Bolger reports: A Rockville Centre woman has admitted stealing 250 identities in 30 states, taking more than $75,000 from her victims and fraudulently requesting over $500,000 in New York State income tax refunds. Susan Pemberton pleaded guilty Wednesday at Nassau County court to grand larceny, scheme to defraud, offering a false instrument for filing…
UK: Essex County Council ‘sensitive’ data found in building
BBC reports: An investigation is under way into how “sensitive” information belonging to Essex County Council ended up in a disused building. The security breach was one of three “recent” episodes at the Conservative-run council. The Information Commissioner’s Office has confirmed it is investigating the breaches. According to BBC, two of the breaches were “committed…
Korn/Ferry’s frustratingly vague breach disclosure (update2)
File this under “How NOT to issue a press release.” Korn/Ferry reportedly issued some statement that they were the victim of a criminal attack. They note that the databases typically do not hold credit cards, Social Security numbers or health information, but they fail to indicate what types of personally identifiable information may have been…
Failure to shred: radiology service notifies patients of potential breach (update1)
KOLR10/KOZL News reports: A Springfield medical group that provides radiology services to CoxHealth is telling its patients to watch their personal information. Litton and Giddings Radiological Associates, P.C. (LGRA) says its janitorial service inadvertently sent patient paper billing records to a Springfield recycling company without first shredding the documents. The incident involved a business associate’s…
CMS response to data breaches and medical identity theft – OIG report
The Centers for Medicare & Medicaid Services (CMS) maintains the protected health information of millions of Medicare beneficiaries. If CMS has a security breach, they’re obligated to report it just like other HITECH-covered entities. But when HHS’s Office of the Inspector General (OIG) looked at whether CMS was complying with the requirements, they found deficiencies: CMS reported…
UK: Private sector leads the way on data protection compliance but ‘room for improvement’ elsewhere (update1)
The Information Commissioner’s Office issued a press release today on the results of its voluntary audit program: A series of reports published by the Information Commissioner’s Office (ICO) today has highlighted the positive approaches many private sector companies are adopting to look after people’s data. However concerns remain about data protection compliance within the local…