As data storage devices get smaller and easier to carry, the chance of them being stolen or lost goes higher. Thumb drives, laptops, computers, everything shrinks, while storage capacity grows exponentially, great for productivity, awful for unencrypted data. While laptops and USB sticks have always been the easiest to steal or lose, it does not mean that the old fashioned desktop computers cannot share in the same fate.
The result of the following incidents? Exposed data affecting hundreds or thousands, making them perfect targets for identity theft or fraud. Another thing they have in common? You guessed it, they are all part of the healthcare industry! Most of these data breaches can be prevented and it’s a rather simple process. But let’s move on to our list of incidents! Read more
Mid-August seems to have been the perfect time for a fresh increase in hacking incidents that lead to sensitive data being lost or exposed. Maybe the security incidents have been powered by all the news on Anonymous and LuizSec of late, or maybe companies still don’t know what they’re facing. The truth is the simplest hacks seem to get straight to the sensitive information they store on their projects, their partners and mostly their clients.
The first such incident targeted Epson Korea, where a website hack managed to compromise the details of about 350,000 customers. The data accessed by hackers included names, user IDs, passwords and resident registration numbers. Read more
The beginning of August has been extremely rich in data breaches caused by stolen or misplaced flash drives, hard drives and laptops, most of them unencrypted, as it almost always happens. Some of them are quite recent, in other cases it has taken over 5 months for those in question to let the affected parties know about the incidents.
The first breach in chronological order affected Lewisham Homes Limited and Wandle Housing Association Ltd and it involved a contractor’s flash drive that got lost in a pub. Apparently, mixing drinking and having fun with sensitive information does not lead to a tasty cocktail, it leads to details of over 26,000 tenants being lost. The silver lining of the incident is that only 800 people should worry about bank details. Read more
Although there are measures than can be taken to prevent data breaches caused by employees and to involve the personnel more into avoiding such occurrences, there are a lot of security mishaps caused by the loss, theft or misplacing of company hardware by staffers. Laptops, hard drives, USB stick and other storage devices are being lost or stolen on a daily basis, exposing the private data of thousands of people to identity theft or fraud, and many of them occur in the health sector. Read more
A computer that may contain personally identifiable information of almost 20,000 Reid Hospital patients was stolen from an employee’s home office in early April. According to Craig Kinyon, CEO/President of Reid Hospital, the laptop was only one of the items stolen in a break in, this indicating that data was not the objective of the theft.
The computer in question might have been storing reports on Medicare and Medicaid patients that have received treatment and medical services between 1999 and 2008. The reports contain names and Social Security numbers, as well as Medicare numbers.
No information stored after 2008 was stored on the stolen device. Nor were any financial information, banking information or other identifying information stored on the missing notebook.
Last month’s disappearance of a laptop from an employee’s locked car has determined Speare Memorial Hospital in Plymouth officials to send letters to 6000 of their patients, warning them of a potential threat against their private information.
The computer in question contained hospital account numbers, medical record numbers, names, addresses, and other patient and health information. However, no Social Security numbers or other sensitive information like insurance information or credit card information were stored on it. As the laptop and the employee’s desktop computer were synced, technicians were able to determine what exactly was lost. Read more
Two dentists from Phoenix, Arizona, Brian J. Daniels, D.D.S. and Paul R. Daniels, D.D.S. have recently posted a short notice on their website regarding a privacy breach. This breach involved a portable data device which was stolen on March 2nd and contained protected health information for about 10,000 patients.
The notice, poor in any relevant detail, reads as follows:
HIPAA Breach Information for Patients of Record Certain electronically-stored patient records were stolen on March 2, 2011. If you have any questions please call 602-265-8751
As the website itself seems to be lacking content, and media coverage is quite poor at the moment, more information on this issue will become available when the Department of Health and Human Services publishes it.
280,000 people have reason to worry about their health information, as a portable computer drive containing this data has been lost. Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan made an announcement regarding this matter on Tuesday.
The drive is apparently lost within the companies’ corporate offices. It has to actually be determined in which branch as Keystone’s headquarters is in Southwest Philadelphia and AmeriHealth Mercy’s is in Harrisburg. Read more