Friday, April 24, 2015

Employee Used Mobile Phone to Steal Patient IDs

A former employee of a health insurance provider was found to have screenshots of patients' personally identifiable information (PII) on her mobile phone.

The identity thefts took place during the period from 2007-2013 but the insurance company did not know about the data thefts until December 2014 when they were notified by the IRS.

"the former employee’s personal cell phone was confiscated and pictures of screen shots from [the insurance company's] computer screens were found on it."
- insurance company letter to attorney general's office
Unfortunately, third parties, rather than the organization holding the PII, are often the first to discover identity thefts. However, this is not the case for organizations that utilize low-cost on-demand SaaS analytics to proactively detect identity thefts and data privacy breaches, even when a mobile phone is used to capture screenshots.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Aetna Notification to Maryland State Attorney General's Office - www.OAG.state.MD.us, 03/29/2015

Thursday, April 23, 2015

Employee Stole IDs from Unemployment Database

An employee of a state unemployment office stole clients' Social Security numbers and other personally identifiable information. (PII).

The employee, who no longer works for the unemployment office, obtained the PII by inappropriately accessing the state's Department of Labor Unemployment Insurance database.

"employee improperly accessed and acquired their information from an unemployment insurance database."
- Vermont Department of Labor
It is unclear how the identity thefts were discovered. Organizations seeking to proactively detect ID thefts and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Unauthorized Acquisition of Unemployment Insurance Database Information - www.Vermont.gov, 03/27/2015

Wednesday, April 22, 2015

Healthcare Worker Stole Patient IDs for Tax Fraud Ring

Two members of a tax refund fraud ring (SIRF) have pleaded guilty to charges brought against them by the US Attorney's Office, Southern District of Florida.

A healthcare worker at an assisted living facility stole patient IDs and gave it to others in the ring who used to file the fraudulent tax returns.

"they conspired to file fraudulent tax returns using the stolen identities of assisted-living facility residents ."
- US Attorney's Office, Southern District Florida
It is unclear how the identity thefts were discovered. Healthcare organizations seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Two Plead Guilty in Tax Refund Fraud and Identity Theft Scheme - www.DOJ.gov, 04/16/2015

Tuesday, April 21, 2015

Privacy Commissioner Seeks Prosecution for Rob Ford Breach

Two hospital employees, who inappropriately accessed former Ontario Mayor Rob Ford's medical records, have been referred by the Office of the Information and Privacy Commissioner to the Attorney General for prosecution.

If the duo is convicted, this would mark the first successful prosecution under the province’s health privacy law, which came into force more than a decade ago. They could each face fines of up to $50,000.

"The two health professionals who allegedly snooped into former mayor Rob Ford’s medical records [should] face prosecution."
- Brian Beamish, Ontario Privacy Commissioner
The commissioner’s request for action sends a clear message to all health care professionals that it is not acceptable to “rifle through someone’s medical file just because you’re curious,” according to former Privacy Commissioner Ann Cavoukian. Ford’s health records have been breached on four separate occasions in at least three Toronto hospitals since his cancer diagnosis last September.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ca: Privacy commissioner calls for prosecution over Rob Ford privacy breach - www.DataBreaches.net, 03/25/2015

Friday, April 17, 2015

$19M Settlement in Target Privacy Breach Lawsuit

Target has settled lawsuits with banks and credit unions issuing MasterCards that were affected by a 2013 data breach that compromised 40 million debit and credit cards.

Target is setting aside $19 million for the financial services institutions for operating costs and fraud-related losses on cards impacted by the data privacy breach.

"[the breach] rattled shoppers who stayed away from the retailer as they were nervous about the security of their private data."
- ABC News
The breach which occurred during the holiday season rattled customers about the security of their private data. Target and has overhauled its security and technology operations as a result of the massive breach.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Target Settles Data Breach Lawsuit With MasterCard for $19M - www.ABCnews.com, 04/16/2015

Thursday, April 16, 2015

Curious Hospital Employee Breached Patients' Privacy

A healthcare worker in Canada accessed 39 confidential patient information out of curiosity about friends and neighbors.

She had nothing to do with the care of these patients and therefore was not authorized to look at their records. Her employment with the hospital has been terminated.

"an employee who had nothing to do with the care of 39 patients accessed their health records out of curiosity about friends or neighbours."
- Health Authority
The breach was discovered after third party allegations about the inappropriate access. Rather than learn of data privacy breaches from third parties, healthcare organizations can detect them proactively with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Curious employee breached privacy of 39 patients, Island Health authority admits - www.TheProvidence.com, 04/15/2015

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.