|
|
 |
|
Security News
| 9.7.2010 |
WABC |
Computer Stolen with Students' Information
City College of New York, one of the colleges of the City University of New York, said a computer containing personal information, including names and Social Security numbers, of more than 7,000 students was stolen several weeks ago.
|
|
| 9.7.2010 |
Health Leaders Media |
Healthcare Breach List Hits 150 Mark
The number of healthcare organizations reporting breaches of unsecured protected health information affecting 500 or more people since February has surpassed the 150 mark, according to the Office for Civil Rights breach notification website. Hospitals and provider networks account for the highest number of breaches on the list.
|
|
| 9.3.2010 |
eWeek |
College Data Breaches Underscore Security Challenges
According to a new report, between 2008 and Aug. 1, 2010, there were about 160 data breaches at higher educational institutions, many of which were caused by improper access controls, inadequate data security measures, and a lack of common sense and best practices. Colleges have long dealt with situations such as employees using their own computers that are just now becoming common among businesses, an analyst said.
|
|
| 9.2.2010 |
Toronto Globe & Mail |
Stolen Hospital Laptop Contained Patients’ Information
Burnaby General Hospital in British Columbia reported a laptop computer with confidential information for 600 Fraser Health Authority patients was stolen from its Pulmonary Function Lab in August. Data included test results of patients who visited the lab.
|
|
| 9.1.2010 |
Gainesville Sun |
Stolen Laptop had 8,300 Student, Employee Records
A laptop computer containing payroll and personal information, including Social Security numbers, of more than 8,300 current and former employees and students of P. K. Yonge Development Research School in Gainesville, Fla., reportedly was stolen in July. The school, which is affiliated with the University of Florida, said the laptop was stolen from a vacationing employee’s car in San Francisco.
|
|
| 8.27.2010 |
KPBS |
New Report Says Consumer Data Breaches Rampant
The Privacy Rights Clearinghouse (PRC) reports more than half a billion data breaches have been reported in the U.S. since 2005. Rainey Reitman, PRC privacy advocate, says portable devices like laptop computers and thumb drives are especially vulnerable to being breached.
|
|
| 8.25.2010 |
ZDNet |
Zurich Insurance Hit with Record Fine over Data Loss
Zurich Insurance was fined £2.3 million by the UK Financial Services Authority (FSA) for losing 46,000 customer records on a back-up tape in transit between two sites in South Africa. FSA said it was clear that Zurich had no effective data protection systems in place to manage outsourcing risks.
|
|
| 8.24.2010 |
DotMed |
University of Kentucky Hospital Loses Laptop
A laptop computer stolen from the University of Kentucky Hospital may have personal medical information for 2,027 patients, officials said. The records on the computer contain names, birth dates, Social Security numbers and medical history for mothers participating in a newborn screening program, the hospital said.
|
|
| 8.20.2010 |
Chicago Tribune |
Information of 7,000 Hospital Patients May be on Stolen Laptop
Personal information for about 7,000 patients of the Cook County health system in Chicago, Ill., was on a laptop computer stolen in June, but officials did not disclose the theft until recently. The laptop, used to transmit data for Medicaid and Medicare reimbursements, contained information such as names, birth dates, Social Security numbers and internal codes related to patients.
|
|
| 8.19.2010 |
WVIT |
Laptop Containing Applicants’ Data Stolen from University of Connecticut
Names and Social Security numbers of 10,174 applicants to the University of Connecticut were on a laptop computer reported stolen from the university’s West Hartford campus. Information on the computer included files of undergraduate admissions-related data of applicants dating to 2004.
|
|
| 8.19.2010 |
New Haven Register |
Stolen Yale School of Medicine Laptop Held Patient Data
A laptop computer containing clinical health information on about 1,000 people was stolen from the Yale School of Medicine in New Haven, Conn., last month, it was reported this week. Connecticut State Attorney General Richard Blumenthal said his office is investigating the breach and whether state or federal laws may have been violated.
|
|
| 8.12.2010 |
KATU |
Computer with Personal Information Stolen
A computer and data storage device with sensitive personal information for an estimated 2,900 food stamp program participants was reported stolen from a car belonging to a Portland Community College employee. Missing data includes the names and Social Security numbers of Multnomah County, Ore., participants in the Oregon Food Stamp Employment Transition Program.
|
|
| 8.10.2010 |
Canton Repository |
Aultman Health Foundation Laptop Computer Stolen
A laptop computer containing names and personal information of 13,800 Aultman Health Foundation home healthcare patients in Canton, Ohio, was reported stolen from a vehicle two months ago, the foundation announced this week. The laptop data included patient names, addresses, birth dates, health information, Social Security and insurance identification numbers, as well as telephone numbers, dating to 2005.
|
|
| 8.9.2010 |
eWeek Europe |
BBC Admits to 146 Lost or Stolen Laptops in Two Years
The BBC reported that IT equipment including 146 laptops, 65 mobile phones and 17 BlackBerrys belonging to the prominent UK news organization have been stolen or lost during the past two years. “The portability of laptops and phones means that, in any large organization, there is an inevitable risk of theft,” a BBC spokesperson said. The BBC gave no hint of the type of data stored on any of the missing devices.
|
|
| 8.6.2010 |
Fort Worth Star-Telegram |
Fort Worth Medical Clinic Notifies Patients of Data Theft
Four computers containing personal information, including names, Social Security numbers, birth dates and diagnoses, for 25,000 patients were stolen in a June burglary at Fort Worth Allergy and Asthma Associates in Texas, the clinic just reported. A spokesperson for the clinic complained that the cost of notifying patients of the data breach is more than the value of the lost equipment.
|
|
| 8.3.2010 |
eSecurity Planet |
TCS Acknowledges Security Breach
Indiana-based First Advantage Tax Consulting Services (TCS) recently notified the New Hampshire Attorney General’s office that a laptop computer containing sensitive data on 32,842 people was lost during an airport layover in June. Documents on the laptop included information provided by employers who were receiving TCS’s services in determining eligibility for tax credits, including names and Social Security numbers, according to other resources.
|
|
| 8.2.2010 |
Montefiore Medical Center website |
Montefiore Notifies Patients About Computer Theft
A data breach affecting 38,000 patients, students and families associated with Montefiore Medical Center in New York resulted from the theft of five computers from the healthcare provider’s Finance Department and School Health Program in May, according to Databreaches.net. Montefiore’s website claims two desktop computers were stolen containing the names and medical records of 16,000 patients, along with Social Security numbers, birth dates, insurance information and hospital admission dates for some. Three desktop computers stolen from the School Health Program included students' names, birth dates, medical record numbers and parent or guardian contact numbers, affecting another 22,000 people.
|
|
| 7.30.2010 |
Houston Chronicle |
Stolen Laptop Puts Data at Risk
Confidential health information of about 1,600 patients of Texas Children's Hospital is at risk after a doctor's laptop computer containing clinical and demographic information was stolen more than two months ago, it was announced last week. The health information involved names, birth dates, diagnoses and service dates of affected children, who were cardiology patients of a Baylor College of Medicine doctor who practices at Texas Children's Hospital.
|
|
| 7.26.2010 |
Healthcare Info Security |
Laptop Theft Affects 21,000 Patients
An unencrypted laptop computer containing personal information on about 21,000 patients was stolen from Thomas Jefferson University Hospitals in Philadelphia, Pa. A hospital employee reported that the laptop, which contained health information in violation of hospital policy, was stolen from an office in June, the organization said this week. The stolen information concerned patients treated during 2008 and included names, Social Security numbers, birth dates, gender, ethnicity, diagnoses, insurance information, hospital account numbers and other administrative coding.
|
|
| 7.23.2010 |
Des Moines Register |
Computer Theft Compromises Iowa Agriculture Program
The Iowa Department of Agriculture announced that the recent theft of a computer from a state car may compromise personal information of more than 3,400 people who participated in the department’s horse and dog breeding program. The device contained names, addresses, phone numbers and Social Security numbers, the department said.
|
|
| 7.23.2010 |
Pueblo Chieftain |
Health Data Missing from Colorado Agency
A computer hard drive containing confidential information about 105,000 Colorado households receiving benefits from Medicaid and the Children’s Health Insurance Program was reported missing, but state officials downplayed the incident, saying it mailed information letters about the breach to clients. Personal healthcare information on the hard drive included client names, programs and state ID numbers.
|
|
| 7.20.2010 |
Boston Globe |
Hospital Files with Data of 800,000 are Missing
Computer files containing personal information for about 800,000 people may have been lost when they were shipped to a contractor to be destroyed, officials of South Shore Hospital in Weymouth, Mass., said. The files may have included names, addresses, phone numbers, birth dates, Social Security numbers, drivers’ license numbers, patient and medical record numbers, health plan information, service dates, diagnoses, treatments and other personal information dating to 1996.
|
|
| 7.20.2010 |
Idaho Statesman |
Tape with Idaho Power, St. Luke's Employee Data Missing
A computer server back-up tape containing personal information for several thousand St. Luke’s Health System employees in Idaho, along with Idaho Power employees and their dependents, was lost by a third party courier in an office move in March, the hospital said this week. Mercer, a human resources consulting company that hired the courier, said the tape had information on workers from several employers, but would not release the names of the other companies. Information on the missing tape may include employees' and their dependents' names, addresses, birth dates and Social Security numbers.
|
|
| 7.20.2010 |
Connecticut Post |
Stolen Labor Department Laptop Contained Confidential Data
A laptop computer stolen from the Connecticut Department of Labor's Bridgeport office contained confidential unemployment insurance information affecting about 5,000 individuals and employers, officials said. Full Social Security numbers are contained in the records.
|
|
| 7.15.2010 |
New Haven Register |
Connecticut Attorney General Wants Teacher Panel to Explain Lost Data
The state Teachers’ Retirement Board in Connecticut owes its 58,000 members an explanation after waiting six months to inform them of a lost flash drive containing retirement data, Connecticut Attorney General Richard Blumenthal said this week. Blumenthal said the lost drive could contain names, addresses, partial Social Security numbers and other personal information.
|
|
| 7.14.2010 |
Infosec Island |
SunBridge Healthcare Notifies 3,830 Residents of Stolen Laptop
A laptop computer containing personal information of 3,830 residents from 10 states was stolen in May from SunBridge Healthcare Corp. According to the New Mexico healthcare company, information on the laptop included names, medical record numbers, service dates and clinical data, as well as Social Security and health insurance numbers of people from Arizona, California, Colorado, Idaho, Montana, New Mexico, Oklahoma, Utah, Washington and Wyoming.
|
|
| 7.14.2010 |
Dark Reading |
Major Breaches Caused By Loss of Physical Media
Online attacks might be getting more sophisticated, but recent off-network incidents painfully demonstrate that the loss of physical storage media is still among the most common causes of data breaches. The California Department of Health Care Services (DHCS) reported to federal authorities that a missing compact disc containing personal information for 29,808 people that was delivered to DHCS may not have been encrypted by the sender, Care 1st Health Plan.
|
|
| 7.6.2010 |
Honolulu Star-Advertiser |
University of Hawaii Computer Breach May Have Compromised 53,000 People
More than 53,000 people who worked with the University of Hawaii at Manoa parking office's database between 1998 and 2009 may be affected by a computer security breach, university officials said this week. The affected records include 41,000 Social Security numbers and 200 credit card numbers.
|
|
| 7.2.2010 |
Yorkshire Post |
Data from 13,000 Farmers on Stolen Laptop
The names, addresses, quota details, transaction reference and telephone numbers of 13,000 UK dairy farmers were stored on a laptop computer reported stolen from an employee’s car at DairyCo, an organization geared toward improving the quality of the UK dairy market. The theft occurred on June 9, nearly a month before the data loss was reported.
|
|
| 7.2.2010 |
Dallas Morning News |
Hard Drive with AMR Retiree, Employee Data Stolen
A hard drive that contained personal information about 79,000 former and current employees, retirees and their beneficiaries was reported stolen by AMR Corp., parent company of American Airlines, Inc., in Fort Worth, Texas. The data, which had been kept by AMR's pension department, spans 1960 through 1995, and consists of microfilm file images, the company said.
|
|
| 6.30.2010 |
SC Magazine UK |
Details of 24,000 People Lost Following Laptop Theft
An employee’s laptop computer containing names, addresses, birthdates and other personal information of more than 24,000 clients of UK training company A4e was reported stolen in a burglary. According to a related BBC article, the data relates to customers of two Community Legal Advice Centers operated by A4e in Hull and Leicester.
|
|
| 6.29.2010 |
Business Week |
New York Hospital Loses Data on 130,000 Patients
An off-network data breach affecting 130,495 patients of Lincoln Medical and Mental Health Center in New York was reported after seven CDs containing unencrypted health and personal information sent by the hospital's billing processor, Siemens Medical Solutions USA, in March, did not arrive at their intended destination. The data included Social Security numbers, health plan and driver's license numbers, addresses, birthdates, and descriptions of medical procedures, the hospital said.
|
|
| 6.28.2010 |
BankInfoSecurity |
ITRC: 325 Data Breaches in First Half of 2010
The Identity Theft Resource Center (ITRC) reports 325 data breaches have been reported thus far in 2010, with business, healthcare and government as the top industries suffering breach incidents. A total of 39 data breaches have impacted financial services, more than half the total of breaches suffered by the industry in 2009. Security and privacy experts say current data loss trends will remain at about the same rate as 2009.
|
|
| 6.23.2010 |
Statesman Journal |
Oregon National Guard Alerts Members that Personal Information is at Risk
A laptop computer containing sensitive personal information, including Social Security numbers, for an unknown number of Oregon National Guard service members, was reported stolen from a Guard member's vehicle in the Portland, Ore., area. Capt. Stephen Bomar, Guard spokesperson, said: "I believe we've had other equipment stolen, but nothing to this scale that contains personal information."
|
|
| 6.21.2010 |
Dark Reading |
Data Breaches Will Increase This Year, Security and Compliance Officers Say
Ninety-five percent of security and compliance pros say they believe that data breaches will increase in 2010, according to a new survey. Another 58% of respondents said they think their personal data is less secure today than it was a year ago, while 30% said compliance is their biggest concern this year.
|
|
| 6.19.2010 |
Seattle Post-Intelligencer |
Burglary Prompts Concerns of Identity Theft
The Family Care Center physical therapy clinic said it discovered a laptop computer and a backup hard drive containing more than 8,000 patient names and accounts for three Washington state facilities were stolen during a recently burglary. Owner Jim Christensen said the data includes patient accounts from operations in Clinton, Freeland and Oak Harbor, Wash.
|
|
| 6.10.2010 |
WPLN |
10,000 Tennesseans’ Names, Social Security Numbers on Stolen Laptop
A laptop computer belonging to a contractor for DentaQuest, a dental benefits provider for several government agencies, and containing more than 10,000 names and Social Security numbers of clients, was reported stolen. DentaQuest said it has opened a call center in Nashville, Tenn., and will start mailing notifications to people affected.
|
|
| 6.3.2010 |
Gainesville Sun |
AvMed: Breach of Customer Data Three Times Worse Than Reported
As many as 500,000 more customers than originally thought may have been affected by the December 2009 theft of two laptop computers from AvMed Health Plans containing personal information, raising the number of people impacted to 860,000. The laptops containing customer names, addresses, birth dates, Social Security Numbers and health information were reported missing from AvMed’s Gainesville, Fla., office on Dec. 11, but the company waited until February to notify members.
|
|
| 6.2.2010 |
IT Business Edge |
Breach of Kidney Dialysis Patient Data in Kentucky
Hundreds of patients undergoing kidney dialysis at a university program now have one more thing to worry about: the possibility that their private medical information was compromised. The University of Louisville alerted the patients that the data was accidentally made available on the Internet without password protection, and offered to pay for a year of credit-monitoring services.
|
|
| 6.2.2010 |
eWeek Europe |
British Health Service Tops List of Data Breaches
The much-admired and sometimes-maligned British National Health Service has come in for a new dose of embarrassment with the release of an official report documenting how the service has been responsible for fully one-third of all the recorded data breaches in the United Kingdom over the last three years. The report was issued by the central government’s Information Commissioner’s Office.
|
|
| 6.2.2010 |
State College News |
Huge Possible Data Breach Reported at Penn State
As many as 25,572 Social Security numbers once stored on Penn State computer systems may have been compromised during security breaches in recent weeks, the university reported this week. The possible breach results from malicious software infecting computers in the university’s library and market research and data office.
|
|
| 6.1.2010 |
Enterprise Networking Planet |
All the Focus on Securing Networks is Missing the Boat
A Ponemon Institute study finds that most organizations spend too much time and money on securing their networks but too little on securing the blossoming number of web applications. According to the study, of the top ten data breaches last year, only 7 percent were related to network breaches.
|
|
| 5.28.2010 |
E-Security Planet |
Data Theft Hits City Employees in North Carolina
Private information on more than 5,200 current and former employees of the city of Charlotte, North Carolina has been compromised as a result of two missing DVDs containing the information. And no surprises: the files were not encrypted. In fact, the only surprise is that the egregious breach occurred while the data was being handled by a supposedly “leading” benefits consulting firm, Towers Watson.
|
|
| 5.28.2010 |
Cincinnati Enquirer |
Missing Records on Stolen Laptop from Cincinnati Children's Hospital
Cincinnati Children's Hospital Medical Center recently reported a laptop computer containing more than 61,000 patient records was stolen from a hospital employee's personal vehicle while it was parked outside the employee's home in March. The records contained names, medical record numbers and services provided, a hospital spokesperson said.
|
|
| 5.22.2010 |
Search Health IT |
Healthcare Data Breaches More Costly Than Average
With Congress having recently added new teeth to data breach notification laws, in the form of $50,000 fines per incident, the industry has seen a huge uptick in the number of breach notifications. But a recent study reveals that data breaches are even more costly for healthcare providers.
|
|
| 5.21.2010 |
Health Leaders Media |
No Excuse for Not Protecting Healthcare Data
With all the knowledge about how to protect private patient information from getting into the wrong hands, there’s no excuse that it’s not generally better protected, observes this columnist. “But really, how difficult is it to protect laptops' security so that even if a thief gets his grubby hands on your organization's property, the information contained within is safe? Not very, apparently, making it all the more ridiculous that not even close to all healthcare organizations do it.”
|
|
| 5.20.2010 |
Federal Computer Week |
At What Point Do Thousands of Networked Devices Become an Off-Network Security Risk?
While it continues to attempt to atone for and fix a string of high-profile data breaches that have drawn the wrath of Congress, the Veterans Administration is dealing with a different kind of IT security issue: how to secure 50,000 networked medical devices in its system. While they’re ostensibly part of the network, we have to wonder if having so many unsecured portable devices floating around your network amounts to a serious off-network security risk.
|
|
| 5.17.2010 |
eSecurity Planet |
A Missing Laptop Full of Medicaid Patient Info
A laptop recently stolen in Chicago has compromised the private medical information of more than 9,500 New Mexico Medicaid clients. Officials with the state’s human services department said the information of Medicaid enrollees was password-protected but not encrypted.
|
|
| 5.11.2010 |
Dark Reading |
Survey Finds Employees Put Personal Security Ahead of Their Employers’
According to a survey of about 1,600 end users in the U.S., U.K., Germany and Japan, individuals put their personal security ahead of protecting their employers’ data. Raise your hand if you’re surprised by this finding. What was perhaps a little surprising, however, was that about half of the respondents admitted to divulging their employer’s private data through an unsecure email account.
|
|
| 5.10.2010 |
Help Net Security |
Nearly Half of IT Pros Think Medical Records Are Less Secure Than
An online survey of IT professionals found that nearly half of them believe their own medical records are less secure than they were just a year ago. In the survey, conducted by an IT security consulting firm, 47 percent responded that they feel their records are less secure now, with the remaining respondents splitting down the middle on feeling they are either more secure or as secure as 12 months ago.
|
|
| 5.6.2010 |
InfoSecurity |
Lost NHS USB Drive Exposes Medical Records
An unencrypted USB drive that contained the medical records of patients and personal information on National Health Service staff in the UK was found by a 12-year-old boy in a supermarket parking lot in Stenhousemuir, Scotland. The BBC reported that the medical records found on the computer memory stick pertained to patients at a secure hospital near Falkirk and contained the criminal histories of some violent patients as well as details about staff at the Tryst Park unit at Bellsdyke Hospital.
|
|
| 5.6.2010 |
Dark Reading |
Data Breaches on the Rise in U.K.
A new survey by the international accounting firm of Pricewaterhouse Coopers indicates the average large firm in the United Kingdom suffered about 45 data breaches last year. More than 90 percent of large organizations reported having suffered a data breach in the last year, up from 72 percent the previous year. At the same time, supply chains are demanding higher levels of security assurance.
|
|
| 5.5.2010 |
eSecurityPlanet |
Huge Loss of Medical Records in Kentucky
A flash drive containing the personal information on 24,000 patients at a psychiatric hospital in Louisville, Kentucky has been missing for a month, prompting the facility to notify patients that their privacy has probably been breached. The compromised data covers patients who have been admitted since 2002.
|
View the Security News Archive
|
|
|
|
