The Breach Blog, from FRSecure
The Breach Blog
Expectant and new mothers at risk after University of Kentucky laptop theft
Date Reported:
8/19/10
Organization:
University of Kentucky
Contractor/Consultant/Branch:
UK HealthCare
Location:
Lexington, Kentucky
Victims:
"mothers in the Newborn Screening Program"
Number Affected:
2,027
Types of Data:
"patient names, medical record numbers as well as the date of birth, diagnosis, mother’s name, and in some instances, the social security numbers"
Breach Description:
"The University of Kentucky is notifying 2,027 people of a breach of protected health information. Between June 18 and June 21, 2010, a laptop computer containing information from the Newborn Screening Program was stolen from the Department of Pediatrics Newborn Screening Program."
<< MORE >>
Yale School of Medicine breach is under investigation by AG
Date Reported:
8/18/10
Organization:
Yale University
Contractor/Consultant/Branch:
Yale School of Medicine
Location:
New Haven, Connecticut
Victims:
Patients
Number Affected:
"about 1,000"
Types of Data:
"health information"
Breach Description:
"The security of personal health information of up to 1,000 people could have been compromised when a laptop was stolen from Yale Medical School."
<< MORE >>
Four Massachusetts hospital patients at risk after illegal dumping is discovered
Date Reported:
8/13/10
Organization:
Milton Hospital
Caritas Christi Health Care
Milford Hospital
Holyoke Medical Center
Contractor/Consultant/Branch:
Goldthwait Associates
Location:
Georgetown, Massachusetts
Victims:
Patients
Number Affected:
"thousands", there are an estimated 8,000 - 12,000 patients from Milton Hospital; Holyoke puts the number between 16,000 and 24,000 patients.
Types of Data:
"individuals' full names, addresses, dates of birth, Social Security numbers, insurance information including policy numbers, patient identification numbers, as well as protected health information including diagnoses relating to pathology tests"
Breach Description:
A Boston Globe photographer discovered thousands of billing records from four area hospitals at an transfer station (dump) in Georgetown, Massachusetts. The confidential records were allegedly discarded (unsecurely) by the hospitals' common billing services provider, Goldthwaite Associates.
<< MORE >>
Laptop stolen from the University of Connecticut affects 10,174 applicants
Date Reported:
8/19/10
Organization:
University of Connecticut
Contractor/Consultant/Branch:
None
Location:
West Hartford, Connecticut
Victims:
School applicants
Number Affected:
10.174
Types of Data:
"undergraduate admissions data, including applicants' contact information, Social Security numbers and other data"
Breach Description:
"WEST HARTFORD, Conn., Aug. 19 (UPI) -- A laptop computer stolen from a Connecticut university contained names and sensitive information on 10,174 school applicants, school officials said."
<< MORE >>
Laptop stolen from Oregon doctor's car affects 4,000 patients
Date Reported:
8/11/10
Organization:
Dr. David Gostnell*
*This page is Dr. Gostnell's staff page at OHSU. OHSU is not involved in this breach.
Contractor/Consultant/Branch:
None
Location:
Portland, Oregon
Victims:
Patients
Number Affected:
4,000
Types of Data:
"full names, diagnoses and Social Security numbers"
Breach Description:
"PORTLAND, Ore. -- A Portland psychologist is alerting 4,000 patients after his laptop, which contained personal health information, was stolen from his car last month."
<< MORE >>
126,000 people affiliated with six Florida schools involved in CCLA breach
Date Reported:
8/10/10
Organization:
Broward College
Florida State College at Jacksonville
Northwest Florida State College
Pensacola State College
South Florida Community College
Tallahassee Community College
Contractor/Consultant/Branch:
College Center for Library Automation ("CCLA")*
*Established in 1989, CCLA operates Florida's Library Information Network for Cooperative Content (LINCC) and associated web-based information portal, LINCCWeb. CCLA is a cooperative effort between the Florida Department of Education's Division of Florida Colleges and the College Council of Presidents.
Location:
Online
Victims:
"students, faculty, and staff of six Florida public colleges"
Number Affected:
"As many as 126,000"
Types of Data:
"personal information, as defined by Section 817.5681(5)(a)-(c), Florida Statutes"*
*CCLA has not defined what personal information was exposed. Section 817.5681(5)(a)-(c), Florida Statutes, states:
For purposes of this section, the term "personal information" means an individual's first name, first initial and last name, or any middle name and last name, in combination with any one or more of the following data elements when the data elements are not encrypted: (a) Social security number; (b) Driver's license number or Florida Identification Card number; (c) Account number, credit card number, or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.
Breach Description:
"On August 10, 2010, CCLA notified students, faculty, and staff of six Florida public colleges that some of their personal information, as defined by Section 817.5681(5)(a)-(c), Florida Statutes, was temporarily open to online access for a five-day period between May 29 and June 2, 2010." The information was inadvertently made available during the installation of a software upgrade
<< MORE >>
Discarded insurance documents return to haunt three years later
Date Reported:
8/16/10
Organization:
American Fidelity Assurance Company
Contractor/Consultant/Branch:
None
Location:
Oklahoma City, Oklahoma
Victims:
Customers
Number Affected:
"hundreds"
Types of Data:
Personal information typically found on "insurance and related employee forms". Names, addresses, Social Security numbers, etc.
Breach Description:
An Edmond, Oklahoma couple found hundreds of confidential documents inside storage containers located on a curb during trash day. The couple stored the documents for three years, and only recently reported their finding. The documents include hundreds of insurance-related forms, allegedly from American Fidelity Assurance Company.
<< MORE >>
UNCG malware infection may have exposed more than 2,500 patients
Date Reported:
8/9/10
Organization:
The University of North Carolina at Greensboro ("UNCG")
Contractor/Consultant/Branch:
Speech and Hearing Center
Psychology Clinic
Location:
Greensboro, North Carolina
Victims:
Patients
Number Affected:
"more than 2,500 individuals"
Types of Data:
"names, addresses, social security numbers, dates of birth, telephone numbers, insurance companies, insurance ID numbers, group numbers, diagnosis codes, procedure codes and charges"
Breach Description:
"GREENSBORO, N.C. (AP) — Officials at the University of North Carolina at Greensboro say computer security breaches at two clinics allowed unauthorized access to information on about 2,500 people."
<< MORE >>
Lost DVD affects over 11,000 pharmacy patients
Date Reported:
8/4/10
Organization:
Walsh Pharmacy of Fall River, MA
Contractor/Consultant/Branch:
McKesson Pharmacy Systems
Location:
Undisclosed, lost/stolen in transit
Victims:
Patients
Number Affected:
"approximately 11,440"
Types of Data:
Personal information, including "names and in some instances social security, health care and driver’s license numbers, as well as prescription information"
Breach Description:
Walsh Pharmacy has notified the New Hampshire Attorney General as well as local news outlets about a breach involving a lost/stolen DVD that contained sensitive personal information belonging to the pharmacy's patients.
<< MORE >>
Portland Community College notifies victims of lost flash drive
Date Reported:
8/12/10
Organization:
State of Oregon
Contractor/Consultant/Branch:
Oregon Department of Human Services
Portland Community College
Oregon Food Stamp Employment Transition Program, also known as OFSET
Location:
One or more campuses
Victims:
"Multnomah County participants in the Oregon Food Stamp Employment Transition Program"
Number Affected:
"an estimated 2,900"
Types of Data:
Personal information including "names and Social Security numbers"
Breach Description:
"A car owned by an employee of Portland Community College was broken into on Thursday, Aug 5. Among the stolen items was a data-storage device containing the names and Social Security numbers of an estimated 2,900 Multnomah County participants in the Oregon Food Stamp Employment Transition Program, also known as OFSET."
<< MORE >>
Benefits consultant loses backup tape containing employee personal information
Date Reported:
8/4/10
Organization:
Marsh & McLennan Companies
Contractor/Consultant/Branch:
Seabury & Smith, Inc.
Mercer
Marsh
Undisclosed third-party courier
Location:
Undisclosed
Victims:
Employees and employee dependents of client companies
Number Affected:
Undisclosed
Types of Data:
"personal information, such as name and Social Security Number"
Breach Description:
Mercer Health & Benefits LLC and its affiliates (Mercer) has updated the New Hampshire Attorney General about a breach that occurred in April, 2010. The breach was the result of a lost (or stolen) backup tape.
<< MORE >>
Local break-in at allergy clinic results in 25,000 stolen patient records
Date Reported:
8/6/10
Organization:
Fort Worth Allergy and Asthma Associates
Contractor/Consultant/Branch:
None
Location:
Fort Worth, Texas
Victims:
Patients
Number Affected:
25,000
Types of Data:
Personal information including Social Security numbers, birth dates, addresses, and diagnoses
Breach Description:
FORT WORTH -- In June, employees at a Fort Worth allergy clinic discovered that the office door had been kicked in and four computers containing patients' personal information including Social Security numbers and birth dates had been stolen.
<< MORE >>
More than 150 people affected by Doherty Hotel breach
Share
|
Date Reported:
8/13/10
Organization:
Doherty Hotel & Convention Center
Contractor/Consultant/Branch:
None
Location:
Clare, Michigan
Victims:
Customers
Number Affected:
"more than 150"
Types of Data:
Credit and/or debit card information
Breach Description:
"CLARE – More than 150 credit card holders who frequented a local business that had its database accessed have seen fraudulent charges appear on their cards in a case that is being investigated by the U.S. Secret Service, according to authorities."
<< MORE >>
Destination Hotels in 12 states affected in massive card breach
Date Reported:
8/6/10
Organization:
Destination Hotels & Resorts ("DHR") *
*This is an update and continuation of a previous Breach Blog post; see: More than 700 upscale hotel guests affected by credit card breach
Contractor/Consultant/Branch:
None
Location:
Various
Victims:
Patrons of 22 DHR properties
Number Affected:
Undisclosed*
*There is no disclosure of the total number, but according to the New Hampshire Attorney General letter there are approximately 470 New Hampshire residents affected.
Types of Data:
"credit or debit card information, including card numbers and expiration dates"
Breach Description:
"Between April 2009 and June 2010, the computer systems of some DHR hotels were accessed without authorization. As a result, credit or debit card information, including card numbers and expiration dates, may have been subjected to unauthorized access by third parties."
<< MORE >>
Littleton Regional Hospital employee fired for inappropriate information access
Date Reported:
6/29/10
Organization:
Littleton Regional Hospital
Contractor/Consultant/Branch:
None
Location:
Littleton, New Hampshire
Victims:
Patients
Number Affected:
"several"
Types of Data:
Personal demographic and diagnostic information, including:
- Name, Address, and Phone Number,
- Date of Birth and Age,
- Insurance Information,
- Primary Care Provider and Referring Physician names,
- Medical History and Allergies,
- Date, Time, Type, Provider name and Reason for visit, and;
- Provider notes regarding the visit in question
Littleton Regional Hospital has notified the New Hampshire Attorney General of a breach concerning unauthorized employee access to personal health information belonging to patients who visited the hospital during "the spring months of 2010".
<< MORE >>
Laptop lost during airport layover affects more than 32,000 employee candidates
Date Reported:
7/27/10
Organization:
CoreLogic
Contractor/Consultant/Branch:
First Advantage
First Advantage Tax Consulting Services ("TCS")
Location:
An undisclosed airport
Victims:
Job applicants from TCS clients
Number Affected:
32,842
Types of Data:
Personal information including "names and Social Security numbers"
Breach Description:
"Through its lawyers, Indianapolis-based First Advantage Tax Consulting Services (TCS) has notified the New Hampshire Attorney General’s Office that on June 10, a laptop containing sensitive personal information was lost during an airport layover. "
<< MORE >>
Cooper University Hospital flash drive with personal info goes missing
Date Reported:
7/27/10
Organization:
Cooper University Hospital
Contractor/Consultant/Branch:
None
Location:
Camden, New Jersey
Victims:
"graduate medical education residents and fellows for the current and prior academic years"
Number Affected:
Undisclosed
Types of Data:
Personal information including "Social Security numbers, addresses, and phone numbers"
Breach Description:
"A thumb drive that contained personal data about current and past graduate medical education residents and fellows at Cooper University Hospital has gone missing. Hospital sources tell Action News the thumb drive went missing on July 8th."
<< MORE >>
Who is to blame in Regeneron / Ceridian breach?
Date Reported:
7/26/10
Organization:
Regeneron Pharmaceuticals, Inc.
Contractor/Consultant/Branch:
Ceridian Corporation
Location:
Undisclosed/Web-based
Victims:
Current and former employees
Number Affected:
Undisclosed
Types of Data:
"names and bank account numbers"
Breach Description:
Regeneron has notified the New Hampshire Attorney General of a breach concerning unauthorized access to their payroll provider's (Ceridian Corporation) system. Once access was gained to the system, the "hackers" attempted to redirect employee paychecks to fraudulent accounts.
<< MORE >>
Thomas Jefferson Hospitals notifies 21,000 patients of stolen laptop
Date Reported:
7/23/10
Organization:
Jefferson Health System
Contractor/Consultant/Branch:
Thomas Jefferson University Hospitals
Location:
Philadelphia, Pennsylvania
Victims:
Patients who "received inpatient care at Thomas Jefferson University Hospitals in 2008 between March 9 and June 9 and between August 1 and November 1"
Number Affected:
"approximately 21,000"
Types of Data:
"name, birth date, gender, ethnicity, diagnosis, social security number, insurance information, hospital account number and other internal and administrative coding"
Breach Description:
"Thomas Jefferson University Hospitals has notified approximately 21,000 patients that there was a theft of a laptop computer containing personal information."
<< MORE >>
Resnick Investment Advisors is victim of unauthorized intrusion
Date Reported:
7/21/10
Organization:
Resnick Investment Advisors, LLC
Contractor/Consultant/Branch:
None
Location:
Westport, Connecticut
Victims:
Clients
Number Affected:
Undisclosed
Types of Data:
Account information
Breach Description:
Resnick Investment Advisors, LLC has notified the New Hampshire Attorney General of an "electronic intrusion" of their computer network that could have exposed client account information to an unauthorized third party. The alleged incident took place sometime in June, 2010.
<< MORE >>
Subscribers
Bookmarks
