| 7.20.2010 |
Boston Globe |
Hospital Files with Data of 800,000 are Missing
Computer files containing personal information for about 800,000 people may have been lost when they were shipped to a contractor to be destroyed, officials of South Shore Hospital in Weymouth, Mass., said. The files may have included names, addresses, phone numbers, birth dates, Social Security numbers, drivers’ license numbers, patient and medical record numbers, health plan information, service dates, diagnoses, treatments and other personal information dating to 1996.
|
|
| 7.20.2010 |
Idaho Statesman |
Tape with Idaho Power, St. Luke's Employee Data Missing
A computer server back-up tape containing personal information for several thousand St. Luke’s Health System employees in Idaho, along with Idaho Power employees and their dependents, was lost by a third party courier in an office move in March, the hospital said this week. Mercer, a human resources consulting company that hired the courier, said the tape had information on workers from several employers, but would not release the names of the other companies. Information on the missing tape may include employees' and their dependents' names, addresses, birth dates and Social Security numbers.
|
|
| 7.20.2010 |
Connecticut Post |
Stolen Labor Department Laptop Contained Confidential Data
A laptop computer stolen from the Connecticut Department of Labor's Bridgeport office contained confidential unemployment insurance information affecting about 5,000 individuals and employers, officials said. Full Social Security numbers are contained in the records.
|
|
| 7.15.2010 |
New Haven Register |
Connecticut Attorney General Wants Teacher Panel to Explain Lost Data
The state Teachers’ Retirement Board in Connecticut owes its 58,000 members an explanation after waiting six months to inform them of a lost flash drive containing retirement data, Connecticut Attorney General Richard Blumenthal said this week. Blumenthal said the lost drive could contain names, addresses, partial Social Security numbers and other personal information.
|
|
| 7.14.2010 |
Infosec Island |
SunBridge Healthcare Notifies 3,830 Residents of Stolen Laptop
A laptop computer containing personal information of 3,830 residents from 10 states was stolen in May from SunBridge Healthcare Corp. According to the New Mexico healthcare company, information on the laptop included names, medical record numbers, service dates and clinical data, as well as Social Security and health insurance numbers of people from Arizona, California, Colorado, Idaho, Montana, New Mexico, Oklahoma, Utah, Washington and Wyoming.
|
|
| 7.14.2010 |
Dark Reading |
Major Breaches Caused By Loss of Physical Media
Online attacks might be getting more sophisticated, but recent off-network incidents painfully demonstrate that the loss of physical storage media is still among the most common causes of data breaches. The California Department of Health Care Services (DHCS) reported to federal authorities that a missing compact disc containing personal information for 29,808 people that was delivered to DHCS may not have been encrypted by the sender, Care 1st Health Plan.
|
|
| 7.6.2010 |
Honolulu Star-Advertiser |
University of Hawaii Computer Breach May Have Compromised 53,000 People
More than 53,000 people who worked with the University of Hawaii at Manoa parking office's database between 1998 and 2009 may be affected by a computer security breach, university officials said this week. The affected records include 41,000 Social Security numbers and 200 credit card numbers.
|
|
| 7.2.2010 |
Yorkshire Post |
Data from 13,000 Farmers on Stolen Laptop
The names, addresses, quota details, transaction reference and telephone numbers of 13,000 UK dairy farmers were stored on a laptop computer reported stolen from an employee’s car at DairyCo, an organization geared toward improving the quality of the UK dairy market. The theft occurred on June 9, nearly a month before the data loss was reported.
|
|
| 7.2.2010 |
Dallas Morning News |
Hard Drive with AMR Retiree, Employee Data Stolen
A hard drive that contained personal information about 79,000 former and current employees, retirees and their beneficiaries was reported stolen by AMR Corp., parent company of American Airlines, Inc., in Fort Worth, Texas. The data, which had been kept by AMR's pension department, spans 1960 through 1995, and consists of microfilm file images, the company said.
|
|
| 6.30.2010 |
SC Magazine UK |
Details of 24,000 People Lost Following Laptop Theft
An employee’s laptop computer containing names, addresses, birthdates and other personal information of more than 24,000 clients of UK training company A4e was reported stolen in a burglary. According to a related BBC article, the data relates to customers of two Community Legal Advice Centers operated by A4e in Hull and Leicester.
|
|
| 6.29.2010 |
Business Week |
New York Hospital Loses Data on 130,000 Patients
An off-network data breach affecting 130,495 patients of Lincoln Medical and Mental Health Center in New York was reported after seven CDs containing unencrypted health and personal information sent by the hospital's billing processor, Siemens Medical Solutions USA, in March, did not arrive at their intended destination. The data included Social Security numbers, health plan and driver's license numbers, addresses, birthdates, and descriptions of medical procedures, the hospital said.
|
|
| 6.28.2010 |
BankInfoSecurity |
ITRC: 325 Data Breaches in First Half of 2010
The Identity Theft Resource Center (ITRC) reports 325 data breaches have been reported thus far in 2010, with business, healthcare and government as the top industries suffering breach incidents. A total of 39 data breaches have impacted financial services, more than half the total of breaches suffered by the industry in 2009. Security and privacy experts say current data loss trends will remain at about the same rate as 2009.
|
|
| 6.23.2010 |
Statesman Journal |
Oregon National Guard Alerts Members that Personal Information is at Risk
A laptop computer containing sensitive personal information, including Social Security numbers, for an unknown number of Oregon National Guard service members, was reported stolen from a Guard member's vehicle in the Portland, Ore., area. Capt. Stephen Bomar, Guard spokesperson, said: "I believe we've had other equipment stolen, but nothing to this scale that contains personal information."
|
|
| 6.21.2010 |
Dark Reading |
Data Breaches Will Increase This Year, Security and Compliance Officers Say
Ninety-five percent of security and compliance pros say they believe that data breaches will increase in 2010, according to a new survey. Another 58% of respondents said they think their personal data is less secure today than it was a year ago, while 30% said compliance is their biggest concern this year.
|
|
| 6.19.2010 |
Seattle Post-Intelligencer |
Burglary Prompts Concerns of Identity Theft
The Family Care Center physical therapy clinic said it discovered a laptop computer and a backup hard drive containing more than 8,000 patient names and accounts for three Washington state facilities were stolen during a recently burglary. Owner Jim Christensen said the data includes patient accounts from operations in Clinton, Freeland and Oak Harbor, Wash.
|
|
| 6.10.2010 |
WPLN |
10,000 Tennesseans’ Names, Social Security Numbers on Stolen Laptop
A laptop computer belonging to a contractor for DentaQuest, a dental benefits provider for several government agencies, and containing more than 10,000 names and Social Security numbers of clients, was reported stolen. DentaQuest said it has opened a call center in Nashville, Tenn., and will start mailing notifications to people affected.
|
|
| 6.3.2010 |
Gainesville Sun |
AvMed: Breach of Customer Data Three Times Worse Than Reported
As many as 500,000 more customers than originally thought may have been affected by the December 2009 theft of two laptop computers from AvMed Health Plans containing personal information, raising the number of people impacted to 860,000. The laptops containing customer names, addresses, birth dates, Social Security Numbers and health information were reported missing from AvMed’s Gainesville, Fla., office on Dec. 11, but the company waited until February to notify members.
|
|
| 6.2.2010 |
IT Business Edge |
Breach of Kidney Dialysis Patient Data in Kentucky
Hundreds of patients undergoing kidney dialysis at a university program now have one more thing to worry about: the possibility that their private medical information was compromised. The University of Louisville alerted the patients that the data was accidentally made available on the Internet without password protection, and offered to pay for a year of credit-monitoring services.
|
|
| 6.2.2010 |
eWeek Europe |
British Health Service Tops List of Data Breaches
The much-admired and sometimes-maligned British National Health Service has come in for a new dose of embarrassment with the release of an official report documenting how the service has been responsible for fully one-third of all the recorded data breaches in the United Kingdom over the last three years. The report was issued by the central government’s Information Commissioner’s Office.
|
|
| 6.2.2010 |
State College News |
Huge Possible Data Breach Reported at Penn State
As many as 25,572 Social Security numbers once stored on Penn State computer systems may have been compromised during security breaches in recent weeks, the university reported this week. The possible breach results from malicious software infecting computers in the university’s library and market research and data office.
|
|
| 6.1.2010 |
Enterprise Networking Planet |
All the Focus on Securing Networks is Missing the Boat
A Ponemon Institute study finds that most organizations spend too much time and money on securing their networks but too little on securing the blossoming number of web applications. According to the study, of the top ten data breaches last year, only 7 percent were related to network breaches.
|
|
| 5.28.2010 |
E-Security Planet |
Data Theft Hits City Employees in North Carolina
Private information on more than 5,200 current and former employees of the city of Charlotte, North Carolina has been compromised as a result of two missing DVDs containing the information. And no surprises: the files were not encrypted. In fact, the only surprise is that the egregious breach occurred while the data was being handled by a supposedly “leading” benefits consulting firm, Towers Watson.
|
|
| 5.28.2010 |
Cincinnati Enquirer |
Missing Records on Stolen Laptop from Cincinnati Children's Hospital
Cincinnati Children's Hospital Medical Center recently reported a laptop computer containing more than 61,000 patient records was stolen from a hospital employee's personal vehicle while it was parked outside the employee's home in March. The records contained names, medical record numbers and services provided, a hospital spokesperson said.
|
|
| 5.27.2010 |
Infoworld |
Oil Spill Prompts Visions of Data Spills
The British Petroleum offshore oil leak disaster still unfolding in the Gulf of Mexico prompts one columnist to wonder what a data leakage disaster of similar proportions would be like. “Unfortunately, the lure of potential profits in the information economy, combined with the apparent ease with which data can be gathered and a lack of regulation, creates a climate of recklessness in which a ‘data spill’ of the scale of the Deepwater Horizon incident seems not just likely, but inevitable,” he concludes.
|
|
| 5.22.2010 |
Search Health IT |
Healthcare Data Breaches More Costly Than Average
With Congress having recently added new teeth to data breach notification laws, in the form of $50,000 fines per incident, the industry has seen a huge uptick in the number of breach notifications. But a recent study reveals that data breaches are even more costly for healthcare providers.
|
|
| 5.21.2010 |
Health Leaders Media |
No Excuse for Not Protecting Healthcare Data
With all the knowledge about how to protect private patient information from getting into the wrong hands, there’s no excuse that it’s not generally better protected, observes this columnist. “But really, how difficult is it to protect laptops' security so that even if a thief gets his grubby hands on your organization's property, the information contained within is safe? Not very, apparently, making it all the more ridiculous that not even close to all healthcare organizations do it.”
|
|
| 5.20.2010 |
Federal Computer Week |
At What Point Do Thousands of Networked Devices Become an Off-Network Security Risk?
While it continues to attempt to atone for and fix a string of high-profile data breaches that have drawn the wrath of Congress, the Veterans Administration is dealing with a different kind of IT security issue: how to secure 50,000 networked medical devices in its system. While they’re ostensibly part of the network, we have to wonder if having so many unsecured portable devices floating around your network amounts to a serious off-network security risk.
|
|
| 5.19.2010 |
Federal Computer Week |
VA Forced to Defend its Data Protection Practices
The U.S. Veterans Administration came under verbal attack by a House of Representatives committee for failing to take the proper steps to prevent two recent breaches in Texas of veterans’ medical data. To prevent similar future breaches, told the VA’s assistant secretary for information and technology, Roger Baker, told the subcommittee that the agency is auditing all other contracts involving private patient data.
|
|
| 5.18.2010 |
Enterprise Networking Planet |
Don’t Forget to Protect Your End Points
In this column about ten ways to protect your network against insider threats, we especially liked this one: “Implement end point data leak protection. Fifty-nine percent of staff that lose their jobs take confidential corporate information with them on a DVD or USB drive, according to the Ponemon Institute. End point security systems aim to restrict what portable storage devices can be used, and by whom, and to monitor what information is copied. Such systems can be useful in making it harder to copy information maliciously without being detected, but can't prevent a trusted insider with authority to copy data from doing so maliciously.”
|
|
| 5.17.2010 |
eSecurity Planet |
A Missing Laptop Full of Medicaid Patient Info
A laptop recently stolen in Chicago has compromised the private medical information of more than 9,500 New Mexico Medicaid clients. Officials with the state’s human services department said the information of Medicaid enrollees was password-protected but not encrypted.
|
|
| 5.11.2010 |
Dark Reading |
Survey Finds Employees Put Personal Security Ahead of Their Employers’
According to a survey of about 1,600 end users in the U.S., U.K., Germany and Japan, individuals put their personal security ahead of protecting their employers’ data. Raise your hand if you’re surprised by this finding. What was perhaps a little surprising, however, was that about half of the respondents admitted to divulging their employer’s private data through an unsecure email account.
|
|
| 5.11.2010 |
Infoworld |
More Malicious Attacks Come From Within Than From Outside
While most of the emphasis on preventing data breaches tends to focus on foiling outsiders, the majority of such malicious attacks actually come from within an organization. Says this writer: “To be honest, I had thought that disgruntled or fired admins pose more of a threat, but it turns out that regular employees are enjoying digital crime just as much.”
|
|
| 5.10.2010 |
Help Net Security |
Nearly Half of IT Pros Think Medical Records Are Less Secure Than
An online survey of IT professionals found that nearly half of them believe their own medical records are less secure than they were just a year ago. In the survey, conducted by an IT security consulting firm, 47 percent responded that they feel their records are less secure now, with the remaining respondents splitting down the middle on feeling they are either more secure or as secure as 12 months ago.
|
|
| 5.7.2010 |
Infosecurity |
Laptop Users Need Better Encryption
The steady stream of advances in brute force encryption techniques means laptop users need to continue to raise their game in protecting themselves through better encryption of data, according to one expert. As cybercriminals get smarter about cracking codes and gain access to increasing amounts of computing power to do so, those protecting against such threats must grow more sophisticated in their defenses.
|
|
| 5.6.2010 |
InfoSecurity |
Lost NHS USB Drive Exposes Medical Records
An unencrypted USB drive that contained the medical records of patients and personal information on National Health Service staff in the UK was found by a 12-year-old boy in a supermarket parking lot in Stenhousemuir, Scotland. The BBC reported that the medical records found on the computer memory stick pertained to patients at a secure hospital near Falkirk and contained the criminal histories of some violent patients as well as details about staff at the Tryst Park unit at Bellsdyke Hospital.
|
|
| 5.6.2010 |
Dark Reading |
Data Breaches on the Rise in U.K.
A new survey by the international accounting firm of Pricewaterhouse Coopers indicates the average large firm in the United Kingdom suffered about 45 data breaches last year. More than 90 percent of large organizations reported having suffered a data breach in the last year, up from 72 percent the previous year. At the same time, supply chains are demanding higher levels of security assurance.
|
|
| 5.5.2010 |
eSecurityPlanet |
Huge Loss of Medical Records in Kentucky
A flash drive containing the personal information on 24,000 patients at a psychiatric hospital in Louisville, Kentucky has been missing for a month, prompting the facility to notify patients that their privacy has probably been breached. The compromised data covers patients who have been admitted since 2002.
|
|
| 5.3.2010 |
WLS |
Patients' Medical Records Stolen at Suburban Chicago Company
Patient healthcare records for 180,111 people were on a portable hard drive stolen in February from Millennium Medical Management Resources in Westmont, Ill., near Chicago, which manages emergency healthcare physician billing, it was reported this week. The breach affects patients who were treated between 2003 and 2006. The number of people impacted by the breach was reported by the Open Security Foundation.
|
|
| 4.30.2010 |
Dark Reading |
Healthcare Not Up to Securing EMRs, Experts Say
As the adoption of electronic medical records (EMR) accelerates, experts say healthcare organizations must effectively address data protection in the transition from paper to digital record-keeping. Industry observers say that larger healthcare organizations with already established databases tend to be far behind counterparts in other industries in regard to how they secure data. A poll recently released by Javelin Research found that fraud based on exposure to health data rose from 3% to 7% between 2008 and 2009.
|
|
| 4.29.2010 |
Orange County Register |
St. Jude Patients' Data Stolen on Computers
Five computers containing personal health data on 22,000 patients were stolen from St. Jude Heritage Medical Group in Fullerton, Calif. Unencrypted patient information included Social Security numbers, birth dates and diagnoses, according to the healthcare provider. Police officials said 22 computers were stolen, with five containing patient health records.
|
|
| 4.28.2010 |
Help Net Security |
Perception of Data Security at Odds with Reality
According to findings of an Accenture global study, nearly three-quarters of organizations believe they have adequate policies in place to protect sensitive, personal information, yet more than half have lost sensitive data within the past two years and nearly 60% of those organizations acknowledge data loss as a recurring problem. While 70% of survey respondents agreed that organizations have an obligation to take reasonable steps to secure consumers’ personal information, there are discrepancies in their commitments for doing so.
|
|
| 4.28.2010 |
Dark Reading |
Costs of Data Breaches Much Higher in U.S. Than in Other Countries, Study Says
A data breach in the U.S. could cost a business twice as much as the same breach costs companies in other countries with less stringent disclosure and notification laws, according to a study published Wednesday by the Ponemon Institute. The study examined data breach costs from the U.S., the UK, Germany, France and Australia by components such as detection, escalation, notification, post-breach response and customer churn. The loss of customers and the scramble to replace them following a breach was found to be typically the highest cost, accounting for 44% of breach costs worldwide, but accounted for 66% of U.S. breach costs.
|
|
| 4.27.2010 |
Information Week |
Medical Records Continue to Be Dumped
Even in the face of new federal guidelines tightening security on confidential medical records, crude breaches continue to occur at an alarming rate. A physical therapy practice in Monticello, New York that had been evicted from its offices dumped 15 boxes of medical records containing private patient information in the trash. A clerk in a nearby retail store noticed them and apparently alerted officials.
|
|
| 4.22.2010 |
OneMedPlace |
Providers May Be Overconfident in Data Security, Report Finds
Healthcare organizations may fret over hackers stealing electronic health information, but a new report reveals that the majority of data breaches actually result from theft and carelessness. A stolen laptop, a forgotten mobile device, or improperly disposed documents can be as devastating to data security as an unprotected network. Since January 2008, more than 110 healthcare organizations have reported data loss incidents, with 46% of the incidents caused by theft and 24% resulting from loss or negligence.
|
|
| 4.21.2010 |
Honolulu Advertiser |
Blood Donor ID Data Stolen
A laptop computer containing confidential personal information for nearly 40,000 blood donors was stolen in a burglary last month from the Blood Bank of Hawaii headquarters in Honolulu. Data on the laptop included names, birth dates, partial Social Security numbers and donation information. The laptop also included "deferred donor" data, which covers people who cannot donate blood because of medical issues and those who are temporarily prohibited from donating.
|
|
| 4.20.2010 |
Newswise |
Massachusetts Eye and Ear Alerts Patients to Laptop Theft and Data Breach
A laptop computer containing health and demographic information of more than 3,500 patients was stolen in February from a neurologist affiliated with the Massachusetts Eye and Ear Infirmary, the healthcare group revealed this week. Additional information on the laptop included names, addresses, birth dates, medical record numbers, email addresses and some pharmacy insurance account numbers.
|
|
| 4.14.2010 |
Databreaches.net |
Yet Another Laptop Stolen from a Car Puts Employee Data at Risk
A laptop computer containing names and Social Security numbers of Lam Research North America employees was stolen from an employee’s car in March, according to a letter sent to the New Hampshire Attorney General’s Office that was obtained by Databreaches.net. There was no indication in the letter as to whether the employee who left the laptop in the vehicle had violated company policy or was disciplined for the breach, according to the website.
|
|
| 4.13.2010 |
Security Management |
Ponemon Study Finds Cost of Data Breaches Rose Again
The cost of a data breach rose again in 2009, according to an annual U.S. Cost of a Data Breach Study from the Ponemon Institute, which found that the average lost record cost companies $204 last year, while the total average cost of a breach to a business was $6.75 million. The year’s cost is about 60% higher than five years ago, according to the study, which looked at 45 companies that suffered a data breach.
|
|
| 4.13.2010 |
Chattanooga Times Free Press |
BlueCross BlueShield of Tennessee Theft Alert Widens
Personal information for nearly 1 million BlueCross BlueShield of Tennessee members was included on 57 computer hard drives stolen last October, according to a new company report. The Chattanooga-based health insurer said it is contacting another 447,549 customers to alert them that their identities may have been jeopardized by the data theft, nearly doubling the number of BlueCross members already notified.
|
|
| 4.7.2010 |
Network World |
Data Loss a Mystery for Many Businesses
According to new research, many security executives admit that they are only able to determine if personally identifiable information was compromised in a data security breach if they had full disk encryption on all laptops. A total of 59% of study respondents said they could not determine if data was lost in cases of missing laptops. Despite increased awareness of penalties and the damage that losing personal data can do to corporate reputations, executives apparently are becoming less certain that they can figure out if personal data has been compromised when corporate laptops are lost or stolen, the TheInfoPro study found.
|
|
| 4.7.2010 |
San Francisco Chronicle |
Laptops with Medical Data Stolen
Two unencrypted laptop computers containing sensitive patient health information regarding 5,450 people recently were reported stolen from the John Muir Physician Network Perinatal Office in Walnut Creek, Calif. Laptops are increasingly viewed as inviting targets for thieves, according to the Ponemon Institute, which studies data security issues.
|
