Monday, December 21, 2015

Heart Clinic Employee Illegally Disclosed Patient's Records

An employee at a Texas heart clinic argued with a patient, who is a pilot, and in retaliation, and without the patient's permission, she sent his medical records to the Federal Aviation Administration.
"She [disclosed the patient's records] with the intent to cause malicious harm." - Court documents
The now former employee pleaded guilty to wrongful disclosure of individually identifiable health information and three counts of making false statements, for lying to the FBI. She has been fined $50,000 and faces up to one year in prison.

Learn how Veriphyr uses Structural Analytics to detect "impermissible use" of patient data in clinical and business applications by employees, contractors, and third parties.

Sources:
(a) Former heart clinic employee admits to illegally disclosing patient’s medical records - www.DallasNews.com
(b) Thank you to Databreaches.net who was the source for this posting

Thursday, December 10, 2015

$850K Settlement for Alleged Healthcare Privacy Violations

A healthcare system in Massachusetts has agreed to pay an $850,000 settlement to the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) for alleged security and privacy violations.

"OCR said [the healthcare organization] failed to meet HIPAA criteria on risk analysis." - iHealthBeat.org

In addition, the OCR said the healthcare organization must also perform an organization-wide risk analysis and submit the analysis and a risk management plan to OCR.

Sources:
(a) Health Care Organizations Report Data Breaches, Settlements - www.iHealthBeat.org, 12/08/2015
(b) Thank you to Databreaches.net who was the source for this posting

Monday, November 30, 2015

Cop Inappropriately Accessed Confidential Info

A police officer with alleged romantic links to an accused drug dealer has been suspended from work.

The female officer was the subject of an internal investigation by the Queensland Australia Ethical Standards Command. Reportedly she has failed to resolve a conflict of interest and inappropriately accessed confidential information on the police database.

"[She] inappropriately accessed confidential information on a police computer system."
- Queensland Police Service spokesperson
It is unclear how the inappropriate access was discovered. Organizations seeking to detect data privacy breaches and identity theft can utilize identity and access analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by insiders such as employees, contractors, providers, and vendors.
Sources:
(a) Qld cop suspended amid crim dating reports - www.News.Com.Au, 11/30/2015

Friday, November 20, 2015

EHR Adoption Nears 75%

Basic EHR adoption rates have climbed to nearly 75%, according to a recent study published in Health Affairs.

The researchers think that nationwide EHR adoption is possible soon. The study's authors suggest the high adoption rates were a result of the Centers for Medicare & Medicaid Services EHR Incentive Programs, which recently added penalties for lacking EHR integration.

"Because EHR use is incentivized, an increasing number of healthcare organizations are adopting the technology."
-EHR Intelligence
While EHRs have been credited with improving healthcare delivery, they have also made it easier to steal patients' IDs and medical information. Healthcare organizations seeking to proactively detect identity theft and data privacy breaches can utilize identity and activity analytics.
Sources:
(a) Basic Hospital EHR Adoption Rates Climb to Nearly 75% - www.EHRintelligence.com, 11/12/2015

Friday, November 13, 2015

Stolen Patient IDs Used by Tax Refund Fraud Ring

Three people in Florida have been sentenced to prison for filing fraudulent tax returns using identities stolen from assisted living residents and patients of a laboratory service.

One defendant had been employed at the assisted living organization; it is unclear who stole patient identities from the medical laboratory service. The conspirators attempted to steal more than $276,000 from the United States Treasury through the fraud scheme.

"They conspired to file fraudulent tax returns using the stolen identities of assisted-living facility residents." - US Attorney's Office, Northern District Florida

It appears that the patient ID thefts were discovered by the IRS, not by the organizations holding the personally identifiable information (PII). Organizations seeking to proactively detect identity theft and data privacy breaches can utilize identity and activity analytics services.

Sources:
(a) FL: Three People Sentenced in Tax Refund Fraud Scheme That Used Patient Data - www.DataBreaches.net, 11/06/2015

Thursday, November 5, 2015

Class Action Suit by Employees Over Insider Privacy Breach

Approximately 2,000 employees of a UK supermarket are suing over an insider data breach that involved the theft and posting online of the financial and personal details of 99,998 fellow employees by a disgruntled internal auditor.

"Whenever employers are given personal details of their staff, they have a duty to look after them." - Data Privacy lawyer Nick McAleenan, JMW Solicitors

Other employees who were affected have a four-month window in which to join the group claim. Data Privacy lawyer Nick McAleenan from JMW Solicitors said the case has “important implications for every employee and every employer”.

Learn how Veriphyr uses Structural Analytics to detect "impermissible use" of employee data in corporate applications by employees, contractors, and third parties.

Sources:
(a) Thousands of Morrisons employees to sue bosses over huge data breach - www.YorkshireEveningPost.co.uk,10/27/2015
(b) Thank you to Databreaches.net who was the source for this posting

Monday, November 2, 2015

Cybersecurity Bill Passes Senate

Last week the Senate approved a key cybersecurity bill, and it awaits reconciliation with an earlier House version of the bill. The Cybersecurity Information Sharing Act (CISA) would make it easier for the private sector and government to share cyber threat information.

Healthcare industry organizations' comments have been favorable. The College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Health Information Security (AEHIS) welcomed passage of the act. “CISA will represent a significant advancement in cyber security and better enable the nation's chief information officers (CIO) and chief information security officers (CISO) to better protect patient health information,” according to CHIME’s statement.

"The healthcare sector has become a prime target for bad actors, and it's important that the federal government works in conjunction with the industry to ensure provider organizations understand best practices to protecting patient data."
- Charles E. Christian, chair of the CHIME board of trustees
Sources:
(a) Major Cybersecurity Bill Clears Senate - www.HealthDataManagement.com, 10/28/2015

Friday, October 30, 2015

Hospital Workers Fired for Breaching Lamar Odom Privacy

While Lamar Odom was hospitalized in Nevada, several staff members tried to take photos of him and some tried to access his medical records in violation of HIPAA rules. Several of the hospital workers were fired for their actions.

Unfortunately this is not the first time this has happened. Kim Kardashian and Britney Spears had their privacy rights violated during hospital stays and workers involved in the breaches were fired.

"It's not the first time this has happened. Kim Kardashian and Britney Spears had their privacy rights violated during hospital stays."
- TMZ
Access to VIP medical records is usually monitored closely by hospitals but it's just as easy to monitor access to all patients' records by utilizing identity and activity analytics.
Sources:
(a) Hospital Workers Fired For Trying to Sneak a Pic - www.TMZ.com, 10/26/2015

Thursday, October 29, 2015

Hospital Employee Fired for Privacy Breach of Patients' Records

A South Carolina hospital employee has been terminated for inappropriately accessing a number of patients' personal data.

Information the employee obtained included patient name, date of birth, driver's license number, insurance information, clinical diagnosis, and possibly Social Security numbers. The breach came to the hospital's attention when other employees began reporting in July 2015 that their insurers had recorded unpaid balances and charges for a prescription cream. Investigators found the employee had been inappropriately accessing patient medical records from January 2014 until August 12, 2015.

"accessing patient medical records 'in a manner that was inconsistent with her job functions, hospital procedures and ... training,' between Jan. 1, 2014 and Aug. 12, 2015." - Hospital statement
It is unclear why the privacy breaches went on for over one and a half years. And as is all too often the case it seems the hospital learned of the breaches from third parties. Healthcare organizations seeking to proactively detect data privacy breaches and identity theft, even if they occur only once, can utilize identity and activity analytics.
Sources:
(a) Employee fired after St. Francis data breach - www.GreenvilleOnline.com, 10/26/2015

Tuesday, October 27, 2015

Corporate Compliance & Ethics Week, Nov 1-7, 2015

Celebrate Corporate Compliance & Ethics Week during the first week of November 2015. To better align the timing of Corporate Compliance & Ethics Week with the implementation of the Federal Sentencing Guidelines (Nov. 1, 2004), it will now be held during the first full week in November every year.

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports members' work with education, news and discussion forums.

"Corporate Compliance & Ethics Week highlights the importance of ethics and compliance in every workplace."
- Society of Corporate Compliance and Ethics

Monday, October 26, 2015

Health Facility Fined: Employee Gave Patient's Test Results to Relative

A healthcare facility in Napa County California has been fined $2,500 by the California Department of Public Health (CDPH).

An employee at the facility breached the privacy of a patient's medical record to find out the results of a pregnancy test and then notified the patient's family member about the results.

"receptionist viewed the results of a patient's pregnancy test and notified a family member of the patient about the results."
- California Department of Health
Healthcare organizations seeking to proactively detect data privacy breaches, even if they occur only once, can utilize identity and activity analytics.
Sources:
(a) Survey findings on breach of confidential patient medical information issued by the department on 10/09/2012 - www.CDPH.ca.gov, 10/09/2015

Friday, October 23, 2015

Insurance Firm Again Victim of Insider Customer Data Theft

A multinational insurance company has become the victim of their employees stealing customer data for a second time this year.

It is believed that the data theft involved customers insured by the company who had car accidents in 2013 and 2014. The stolen information was used to target these customers with multiple phone calls in a bid to persuade them to file personal injury claims.

"An employee has been sacked from the company, and the police and Financial Conduct Authority have been informed."
- BBC
Organizations seeking to proactively detect theft of their customer data, even if it occurs only once, can utilize identity and activity analytics.
Sources:
(a) Aviva hit by second customer data theft - www.TheDrum.com, 10/17/2015

Thursday, October 22, 2015

More than $5.5M Settlement with Employees Over Data Breach

Class action attorneys have reached a settlement with Sony Pictures over a breach of employee data.

The bulk of the $5.5 - $8 million settlement will go to the lawyers who handled the case on a contingency basis. Sony Pictures employees who were part of the suit will each receive about $1,000, credit monitoring and $1 million in identity theft insurance while Sony would pick up the tab for a further $2.5 million — or up to $10,000 per individual — for class members who experience unreimbursed loss from identity theft attributable to the Sony Pictures cyberattack.

"[breach] that left the personal information of employees and ex-employees vulnerable."
- Hollywood Reporter
Organizations seeking to proactively detect data theft by hackers posing as insiders can utilize identity and activity analytics.
Sources:
(a) Sony's Settlement With Employees Over Hacked Data Worth More Than $5.5 Million - www.HollywoodReporter.com, 10/20/2015

Tuesday, October 20, 2015

48 Health Workers Accused of Breaching Patient Privacy

A total of 48 healthcare workers in Canada are allegedly involved in privacy breaches of patient medical records and are facing disciplinary action; some employees have been suspended without pay and one person has been fired. The alleged data privacy breaches were found during an audit.

"This situation underscores the very real consequences of patient privacy breaches." - CEO and president of health services

An Office of the Information and Privacy Commissioner spokesperson stated “With access to health information comes great responsibilities for health professionals and administrators. The health information of Albertans cannot be treated like a social media site where you can access it and begin to creep on other people’s information, no matter how curious one might be.”

Sources:
(a) AHS investigating alleged privacy breach by 48 Calgary employees - www.CalgaryHerald.com, 10/14/2015

(b) Thank you to Databreaches.net who was the source for this posting


Monday, October 19, 2015

Nurses Fined $1K for Each Patient Privacy Breach

Two Canadian registered nurses have been fined $1,000 for each time they breached the privacy of patients' medical records.

The College of Registered Nurses of Manitoba said one nurse apologized to the patient for her poor judgment. The other nurse admitted to inappropriately accessing a patient's medical record, but denied disclosing the patient's information. Neither nurse had a disciplinary record and they were both ordered to pay the fine.

"The college said neither nurse had a disciplinary record and they were both ordered to pay the fine."
- CBC News
Healthcare organizations seeking to proactively detect data privacy breaches and identity thefts, even if they occur only once, can utilize identity and activity analytics.
Sources:
(a) 2 Manitoba nurses fined $1K each for breaching patient privacy - www.CBC.ca, 10/17/2015

Friday, October 16, 2015

Governor Signs Privacy Breach Notification Law

A data breach notification law recently signed by California Governor Jerry Brown included data encryption standards, as well as standards for defining personal information.

The bill signing comes just a few months after it was revealed that a hack at a large medical center computer network may have compromised personal and medical information for as many as 4.5 million individuals.

"Legislation comes in wake of high-profile health privacy incidents." - FierceHealthIT
Organizations seeking to proactively detect data privacy breaches and identity theft by insiders, or hackers posing as insiders, even if only done once, can utilize identity and activity analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy by insiders such as employees, contractors, providers, and vendors.
Sources:
(a) California governor signs data breach notification law - www.FierceHealthIT, 10/13/2014

Thursday, October 15, 2015

Hospital Fined $240K for Nurse Breaches of Patients' Privacy

A California hospital has been fined $247,600 by the California Department of Public Health (CDPH) for breaches of patients' privacy.

A nurse employed by the hospital convinced a co-worker to look up information about a patient. The hospital failed to notify the CDPH within five days.

"nurse persuaded a coworker to look up specific logs of patients."
- California DPH
It is unclear who discovered the privacy breaches. Healthcare organizations seeking to proactively detect data privacy breaches and identity thefts, even if they occur only once, can utilize identity and activity analytics.
Sources:
(a) California Department of Health - www.CDPH.ca.gov, 10/13/2015

Wednesday, October 14, 2015

Tax Workers Continue to Snoop on Confidential Taxpayer Info

Of the 34 significant privacy breaches reported in 2014 by the Canada Revenue Agency (CRA) to the privacy commissioner, all but two were deliberately committed by the agency’s own employees — and the files indicate no worker was fired or reported to police. Two major breaches were deliberate incidents in which workers snooped into the files of 169 and 170 taxpayers.

The annual number of breach reports has increased dramatically, to 34 last year from just seven in 2011, even though the agency promised to clean up its act after a critical 2012 audit by the privacy commissioner.

"workers continue to poke into the confidential tax files of friends and foes, despite assurances that the chronic problem of unauthorized access is being fixed."
- CBC News
Privacy lawyer David Fraser says there should be zero tolerance for government workers inappropriately accessing confidential records. Privacy breaches can be detected, even if only done one time, by utilizing identity and activity analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Tax workers continue to peek at forbidden files: internal reports - www.CBC.ca, 09/30/2015

Monday, October 12, 2015

Doctor Accused of Breaching Patients' Privacy

A Canadian physician allegedly accessed, inappropriately and without consent, the medical records of two patients not under his care. In one case the inappropriate access occurred "a number of times between 2003 and 2014" and in the other case the inappropriate access occurred "a number of times between 2003 and 2006."

A hearing will be held and if found to have committed the unauthorized access alleged by the College of Physicians and Surgeons, the physician could face a number of possible sanctions, including having his certificate with the college suspended or revoked.

"the physician inappropriately and without consent accessed records of an unnamed person who was not his patient on a number of occasions between 2003 and 2014."
- Notice of hearing
It is unclear why the inappropriate accesses were allowed to occur over such long time periods. Healthcare organizations seeking to detect unauthorized access to patient records, even if only done once, can utilize identity and activity analytics services.
Sources:
(a) More on an alleged patient records breach at the hospital - www.SooToday.com, 09/29/2015

Friday, October 9, 2015

MDs Accused of Using EHR to Steal Patients

A California hospital has filed a suit against three physicians and two medical groups claiming they wrongfully accessed at least 164 patient records in order to lure those patients away.

The lawsuit's allegations include "unauthorized computer access, misappropriation of trade secrets, conversion and misappropriation of patients' personal health information ... to divert patients for their personal financial gain and commercial advantage."

"the access was 'a significant data breach' and a HIPAA violation."
- Hospital's chief legal officer
It is unclear how the data breaches were discovered. Such instances add to the growing legal concerns about the inappropriate use of EHRs. Organizations seeking to proactively detect data breaches and thefts, even if only done once, can utilize identity and activity analytics services.
Sources:
(a) Docs accused of using EHR to steal patients - www.FierceHealthIT.com, 10/08/2015

Thursday, October 8, 2015

Tax Worker Stole Taxpayer IDs for Fraud

A New York state tax department employee allegedly used his employee access to confidential tax records and stole information about taxpayers' bank accounts and then created more than a dozen false and unauthorized electronic checks ranging from $96 to $6,500.

The identity thefts occurred from 2013 to 2015 and involved a dozen state taxpayer accounts. Even after the employee was terminated from the tax department he continued to use the identities to create bogus checks and obtain fraudulent credit cards.

"[he] used his employee access to confidential tax records and stole information on taxpayers' bank accounts."
- Times Union
It is unclear why the identity thefts went on for two years or how they were discovered. Organizations seeking to proactively detect identity theft, even if it occurs only once, can utilize on-demand identity and activity analytics services.
Sources:
(a) State tax worker allegedly netted $50,000 through identity theft - www.TimesUnion.com, 10/03/2015

Wednesday, October 7, 2015

Bank Employee Stole $112K from Customer Accounts

While working as a financial representative at a Connecticut bank from January 2012 to February 2013, an employee stole $112,000 from customer accounts.

Starting in December 2012 and until about May 2013 he identified accounts that had little activity and would transfer funds from those accounts to accounts he believed to be dormant or to accounts he directly controlled.

"While employed at the bank, [he] identified accounts that had little banking activity."
- US Attorney's Office, District of Connecticut
It is unclear why the thefts took place for over a year. Organizations seeking to proactively detect inappropriate access to customer data, even when it occurs only once, can utilize identity and activity analytics services.
Sources:
(a) Bank Employee Sentenced to 18 Months in Prison for Stealing More Than $100K from Customer Accounts - www.DOJ.gov, 10/02/2015

Tuesday, October 6, 2015

Telecom Employee Stole Customer Data

A telecom office employee has been fired for stealing customer data and sharing it with a third party. The third party used the stolen data against one of the telecom's customers.

The now former employee worked in the customer experience department and had access to the firm's customer relationship management system. The worker violated her employment contract and the employee code of conduct, according to the telecom's senior public relations person.

"Our ex-employee gave her friend ...that list and then this gentleman used it against our customer."
- Company spokesperson
This seems to be another case where a third party, rather than those holding the confidential data, discovered the data theft. Organizations seeking to detect data theft, even when an insider only steals once, can utilize activity analytics.
Sources:
(a) Ooredoo data breach brings legal action - www.MMTimes.com, 09/03/2015

Monday, October 5, 2015

HIPAA Audits to Start Soon

The Office of Civil Rights (OCR) anticipates starting HIPAA security compliance audits either late this year or in early 2016. Although the timing is not very specific, organizations still have time, though limited, to bring their houses into HIPAA order.

OCR Director Jocelyn Samuels announced that FCi Federal has been chosen to provide management services to the OCR staff conducting the audits. Samuels stated that the majority of audits will be remote as opposed to site audits. While an on-site audit can be more disruptive and stressful, some healthcare organizations feel having auditors on-site allows for face-to-face interaction.

"new audit protocol that will be more focused than the one used in the pilot audits." - Devon McGraw, OCR deputy director of health information privacy
According to Devon McGraw, OCR deputy director of health information privacy, the OCR is now working on a new protocol for the audits, which will be narrower in scope than those conducted during the pilot round of 115 audits in 2011 and 2012. "We're going to be a bit more focused at some key areas of interest," she said. Healthcare organizations seeking to catch insiders breaching or stealing patient data, even once, can automatically detect them with activity analytics services.
Sources:
(a) http://www.hitechanswers.net/the-auditors-are-coming-the-auditors-are-coming/ - www.HitechAnswers.com, 09/30/2015

Wednesday, September 30, 2015

Class Action Insider Patient Data Theft Suit Can Proceed Against Hospital

A class action lawsuit filed by patients against a hospital over the alleged theft of private patient information by an employee has survived a motion to dismiss.

The judge rejected the hospital's argument that future injuries are not legally sufficient to justify the claim. The hospital also argued that while fraudulent tax returns may have been filed in the names of some of the plaintiffs, they failed to show any actual monetary losses. The US District Court judge, however, ruled in favor of the plaintiffs saying "Though they were given careful consideration, defendant’s arguments are ultimately unpersuasive."

"The suit claims the hospital failed to properly safeguard the patient information."
- The Dothan Eagle
The patient ID thefts went on for almost a year and were probably discovered by law enforcement, not the organization holding the PII. With more class action suits being filed by victims of ID thefts, organizations must utilize proactive breach detection solutions such as second-generation behavioral analytics.
Sources:
(a) Data breach lawsuit against Flowers Hospital survives motion to dismiss - www.TheDothanEagle.com, 09/27/2014

Tuesday, September 29, 2015

Telecom Contractor Stole Customer IDs with Camera

A telecom company has alerted over 200 customers that their personally identifiable information (PII) may have been breached by a contractor.

The telecom spokesperson said it's their understanding that the insider collected the PII by "photographing computer screens where the personal information was displayed." While he went on to say that "such methods make data theft very hard to detect" that statement is not true. There are second-generation proactive analytics that can detect data theft by photographing computer screens.

"[the telecom] spokesperson said the information was collected by photographing computer screens where the personal information was displayed."
- The Star Phoenix
This insider data theft was another case where law enforcement discovered the privacy breach, not the organization holding the PII. Organizations seeking to proactively detect identity theft and data privacy breaches, before third parties do, can utilize on-demand analytics services.
Sources:
(a) http://www.thestarphoenix.com/touch/story.html?id=11383587 - www.TheStarPhoenix.com, 09/23/2015

Monday, September 28, 2015

Ringleader of $24M ID Theft, Tax Fraud Scheme Sentenced

A woman who worked in a military hospital in Georgia, where she had access to the identification data of military personnel, including soldiers who were deployed to Afghanistan, stole the personal information (PII) of soldiers and used it to file false tax returns. She has been sentenced to 15 years in prison.

She and her co-conspirators filed more than 9,000 false individual federal income tax returns that claimed more than $24 million in fraudulent claims for tax refunds. The IDs used in the tax fraud scheme not only came from the US Army but were stolen from a number of organizations including Alabama state agencies and a Georgia call center.

"[she] worked at the hospital...where she had access to the identification data of military personnel, including soldiers who were deployed to Afghanistan."
- Court documents
The identity thefts and fraudulent tax refund scheme occurred from January 2011 through December 2013. It is unclear why the ID thefts went on for such a long time period. The only method to detect such data thefts by an insider is with second generation behavioral analytics.
Sources:
(a) Ringleader of $24 Million Stolen Identity Tax Refund Fraud Ring Sentenced to 15 Years in Prison - www.DataBreaches.net, 09/27/2014

Friday, September 25, 2015

Bank Insider Stole 700,000 Customer IDs Over Three Years

A former wealth management adviser at a multinational financial services institution pleaded guilty to stealing confidential information on more than 700,000 client accounts over a three and a half year period.

He illegally accessed account holders' names, addresses and other personal information, along with investment values and earnings, from computer systems used by the company to manage confidential data.

"Experts Question Why Company Didn't Detect Unauthorized Access Sooner"
- Banking Info Security
Experts are questioning why these breaches went on for so long. But the only method to detect such inappropriate access by an insider is with second generation behavioral analytics.
Sources:
(a) Guilty Plea in Morgan Stanley Insider Breach - www.BankInfoSecurity.com, 09/25/2015

Expect HIPAA Noncompliance Fines for BAs?

According to privacy attorney Adam Greene, we'll soon see HIPAA compliance enforcement against a business associate (BA).

The Department of Health and Human Services' Office for Civil Rights generally takes two to three years to settle cases, and business associates first became directly liable for HIPAA compliance in September 2013. Therefore Greene said "I wouldn't be surprised that within the next year we see our first business associate [enforcement] action from something that happened in 2013 or 2014." He advises BAs to pay attention to the issues involving OCR settlements with covered entities.

"OCR is really looking at all the places you have PHI, all the threats to that, all the vulnerabilities and all the corresponding risks, which is very different from a gap assessment."
- Adam Greene, partner Davis Wright Tremaine LLP
According to Greene, "the risk assessment continues to be the biggest challenge, and a lot of it is not having a risk assessment that aligns with OCR guidance." Organizations conducting risk assessments and seeking to proactively detect data privacy breaches can utilize SaaS analytics services.
Sources:
(a) Expect HIPAA noncompliance fines for BAs soon, attorney says - www.FierceHealthIT.com, 09/17/2015

Thursday, September 24, 2015

Nursing Home Employee Guilty of Stealing Resident's ID for Fraud

An employee of a senior center in Alabama has been sentenced to four years in prison for stealing the identity of a resident at the center and using it to steal over $300,000 from bank and credit accounts.

From October 2011 through February 2014 the employee carried out a scheme to defraud the resident's credit union account without the victim's authorization. She used the victim’s credit cards to charge thousands of dollars for expenses that "included financing her own wedding, applying money to someone’s prison account, making car and private school tuition payments, and taking trips."

"[she used] the identity of a resident with dementia to steal more than $300,000 from the resident’s bank and credit accounts."
- US Attorney Joyce White Vance
Sources:
(a) Former Hoover senior center employee sentenced for identity theft - www.GadsdenTimes.com, 09/17/2015

Tuesday, September 22, 2015

Policeman Fired for Privacy Breach of Colleague's Records

A policeman has been fired for gross misconduct. Without permission he accessed a colleague's computerized application for a job promotion and disclosed the information to another officer who was applying for the promotion.

The officer's misconduct hearing found he "lacked honesty, integrity and confidentiality, which are fundamental values that police officers need to portray in order to maintain public confidence."

"This was a deliberate and flagrant breach of honesty and integrity, and a significant breach in his colleagues’ confidence and trust."
- Police hearing panel
It is unclear how the privacy breach was discovered. Organizations seeking to proactively detect data privacy breaches and identity thefts can utilize SaaS analytics services.
Sources:
(a) Police officer dismissed for gross misconduct - www.SuffolkFreePress.co.uk, 09/15/2015

Monday, September 21, 2015

Pharmacist Charged with Privacy Breaches of Prescription Records

A South Carolina drug screener and a pharmacist have been charged with conspiring to steal confidential patient prescription records from a state database so attorneys could use them in Family Court cases.

The two men allegedly plotted to illegally pull information from the state’s prescription database, which holds more than 63 million records. The restricted system allows officials to monitor for potential misuse of powerful narcotics such as Oxycontin while protecting patient confidentiality.

"As a pharmacist, he has access to the prescription database. But he is accused of illegally pulling records of people not in his care and giving those records to [attorneys]."
- The Post and Courier
It is unclear how the privacy breaches were discovered or over what period of time they occurred. Organizations seeking to proactively detect privacy breaches and identity theft can utilize SaaS analytics services.
Sources:
(a) Drug tester, pharmacist deny wrongdoing in alleged prescription records breach - www.PostAndCourier.com, 09/11/2015

Friday, September 18, 2015

SCCE Compliance & Ethics Institute, Oct 4-7, 2015

The Society of Corporate Compliance and Ethics (SCCE) is holding their 14th Annual Compliance and Ethics Institute from October 4-7, 2015 in Las Vegas, Nevada.

This conference is the primary education and networking event for professionals working in the Compliance and Ethics profession across all industries around the world. Sessions at the 2015 conference will offer the latest compliance information on hot topics and current events.

"Sessions are carefully selected and will be presented by leading experts who will explore real-world compliance issues, practical application, emerging trends, and state of the art techniques." - SCCE
John Vastano, PhD, Chief Scientist of Veriphyr, has been invited to lead a 3.5-hour hands-on tutorial, "Immediately Address IT Access Compliance Challenges with These Techniques, Using Tools You Already Have." Details on this and other sessions can be viewed here.
Sources:
(a) Compliance and Ethics Institute - www.CorporateCompliance.org, 9/17/2015

Thursday, September 17, 2015

Employee Used Police Database for Fraud

A former Florida police department civilian employee has been indicted on charges she conspired to commit fraud and illegally used police databases in connection with the scheme.

A co-conspirator would give her license plate numbers of the elderly and she would look up their personal information (PII) in the police databases. The indictment claims she knew this PII would be used to commit crimes, including filing false federal income tax returns and identity theft.

"she gave information from law enforcement databases to others, knowing it would be used to commit crimes, including filing false federal income tax returns and identity theft." - Court documents
It is unclear how the identity thefts were discovered or over what time period they occurred. Organizations seeking to proactively detect identity theft and data privacy breaches can utilize SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) Former civilian employee for Tampa police department indicted on fraud charges - www.TBO.com, 12/14/2015

Wednesday, September 16, 2015

Employee Sued for Stealing Employer Proprietary Info

A former employee of a financial services firm is being sued for allegedly breaching a non-compete clause by stealing client lists and targeting clients after he joined a similar firm.

The plaintiff asserts it determined the defendant downloaded confidential information, such as price list secrets and other proprietary information, in the weeks prior to his leaving the firm.

"[Plaintiff] claims [employee] breached a non-compete clause by stealing client lists and targeting clients after he joined a similar firm." - Court documents
It is unclear how the plaintiff first learned about the data breach. Organizations seeking to proactively detect data theft by employees and contractors can utilize SaaS analytics services.
Sources:
(a) Former employee sued for allegedly breaching non-compete clause, stealing proprietary information - www.LousianaRecord.com, 09/08/2015

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.