Tonya Sams reports: A 46-year-old Akron man faces a maximum of 40 years in prison after pleading guilty Friday in Summit County Common Pleas Court for stealing credit card information from customers at his mother’s dry cleaning business and writing bad checks to the state. Michael Bukuts was guilty of engaging in a pattern of…
Marsh and Mercer report lost backup tape (update 2)
On June 23, insurance broker Marsh and Mercer notified the New Hampshire Attorney General’s Office that in April, a back up tape being transported by a third party courier between Marsh offices was lost. The tape contained employee benefits information such as names, addresses, Social Security Numbers, dates of birth, and drivers’ license numbers, and…
Ohio agency accidentally exposes personal data of disabled – twice
Alan Johnson reports: Personal and sensitive medical information on 200 developmentally disabled Ohioans was accidentally posted twice on a state computer network in the past 10 days. Officials with the Ohio Department of Developmental Disabilities said yesterday that the incident was not a “data breach” because the general public never had access to the information….
Ca: Health fax mistakes create a headache for pharmacies
Elizabeth McMillan and Paul Bickford report: The NWT health care system is back in the business of sending faxes, although under new conditions to tighten up security. Daryl Dolynny, president of the NWT Pharmaceutical Association, says the Department of Health and Social Services should have given pharmacists a heads up before putting a hold on…
NL 10% of hospital personnel fell for phishing test
Karin Spaink summarizes and translates: Erasmus MC, the biggest academic hospital in The Netherlands, puts quite some effort in security awareness and data hygiene. (They participated in my September 2006 Electronic Patient Files test, and did relatively well; also, they used the results of my test to again stress the need for data hygiene among…
The "smaller" breaches we don't see
I recently asked OCR if they have been receiving notifications of breaches affecting less than 500 individuals. Their answer is that they have been receiving such reports, but they will not be posting such reports on their web site. The reports “will be used to inform any reports to Congress on breaches.” As OCR reminded…