Friday, May 29, 2015

Policeman Indicted for Unauthorized Use of Database

An Ohio policeman was unauthorized to use the Law Enforcement Automated Data System (LEAD) to look up personal information about his girlfriend’s landlord. By law, police officers may only use the LEADS system for official business.

He has been indicted for abusing the LEAD. This charges comes four years after the data privacy breach occurred. In 2010 he looked up the home address of the landlord and wearing his police uniform visited him at 2AM to try and obtain money owed to the girlfriend.

"he look[ed] up personal information about his girlfriend’s landlord."
- Ohio Bureau of Criminal Investigation
It is unclear how the privacy breach was discovered or why it took three years for him to be dismissed from his job, or why it took more than four years to indict him; of course he's presumed innocent. Law enforcement organizations can proactively detect data privacy breaches and identity thefts by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) More than 4 years later, police officer indicted for alleged misuse of database and coercion - www.DataBreaches.net 05/21/2015,

Thursday, May 28, 2015

Sheriff Deputy Charged with Computer Invasion of Privacy

A Georgia county sheriff's office deputy has been charged with computer invasion of privacy and violation of oath related to “unauthorized procurement of personal data for his own personal gain.” according to the sheriff’s office.

According to a press release by the sheriff’s office the charges stem from computer inquiries the deputy made in May which were "not for official purposes." No other details about the data thefts are available at this time.

"The charges stem from computer inquiries made by [him] in early May which were not for official purposes ."
- Sheriff's Office press release
it is unclear how the data breaches were discovered. Organizations seeking to detect identity theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hall County Sheriff’s Office deputy charged with computer invasion of privacy - www.GainsvilleTimes.com, 05/22/2015

Wednesday, May 27, 2015

CMS: Meaningful Use Payments Top $30B

As of March 2015, the Centers for Medicare and Medicaid (CMS) has paid more than $30 billion in electronic health record (EHR) incentive payments to eligible hospitals and healthcare professionals. according to the latest CMS data.

According to the data, 535,567 active participants had signed up for the incentive program through March, and 429,000 eligible healthcare professionals and 4,800 eligible hospitals have received incentive payments as of March.

" providers who demonstrate meaningful use of certified EHRs can qualify for Medicaid and Medicare incentive payments." - iHealthBeat.org
Widespread use of EHRs is expected to improve healthcare delivery. However, EHRs can also make sealing patient identities and privacy breaches easier. Healthcare organizations seeking to proactively detect ID theft and breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Meaningful Use Payments Top $30B as of March, CMS Says -
www.iHealthBeat.org, 05/26/2015

Tuesday, May 26, 2015

Florida Hospital Insider Privacy Breach Affects More Patients


A hospital in Florida is notifying more patients that they were affected by a previously disclosed privacy breach by an employee. At that time, February 2015, 686 patients were affected by a breach involving unauthorized access/disclosure of personal health information (PHI).

It is little comfort to breach victims that the hospital is "able to affirm that none of your personal information was printed by the responsible individual" since if the insider had a smartphone photos of screens of PHI could have been taken, especially since the hospital "cannot be certain whether your social security number was viewed by this individual."

"[the hospital] identified that additional individuals may have also been affected beginning as early as January 1, 2012 through October 2013." - Hospital press release
It is unclear why the breaches were allowed to occur from January 2012-October 2013. Healthcare organizations seeking to proactively detect privacy data breaches and identity theft, even if a smartphone is used to breach data, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) http://www.databreaches.net/fl-aventura-hospital-and-medical-center-notifies-more-patients-of-insider-breach/FL: Aventura Hospital and Medical Center notifies more patients of insider breach - www.DataBreaches.net, 03/20/2015

Friday, May 22, 2015

Marine Paid to Steal Soldier Data for Fraud Scheme by Jewelry Store

The first of a trio of jewelry store employees has been arraigned for bribing a Marine and unlawfully accessing personal financial information of other service members.

In exchange for money and jewelry the now former Marine reset the PINs on military members' bank accounts. The jewelry store employees could then access the accounts and add fraudulent charges to unsuspecting members. ----

"he offered to pay [the Marine] $25 to reset MyPay account passwords on the accounts of active duty military members who were customers ."
- Court documents
It is unclear how the identity thefts were discovered. Organizations seeking to proactively detect insider identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Jewelry Store Employee Pleads Guilty in Military ID Theft Case - www.NBCsanDiego.com, 05/20/2015

Thursday, May 21, 2015

Healthcare Employee Breached Patient & Staff Privacy

A healthcare provider in California is notifying their employees and patients that a now former employee inappropriately accessed records that contained personal identifying information (PII).

According to this healthcare provider "patient and responsible party information that may be affected includes names, addresses, medical information, health insurance information, dates of birth, Social Security numbers and financial information. Employee information that may be affected includes names, Social Security numbers, dates of birth, addresses, health insurance information, medical information, driver's license numbers, financial information and telephone numbers."

"Employee and patient PII Data Elements were inappropriately accessed."
- Letter sent to possible victims
It is unclear how the breaches were discovered; a forensic investigation is ongoing. Organizations seeking to proactively detect identity theft and data privacy breaches, rather than learn about it from third parties, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Consolidated Tribal Health Project, Inc. Notifies Employees and Patients of a Data Security Compromise - www.OAG.gov, 05/12/2015

Wednesday, May 20, 2015

Employee Stole IDs from Passport Office for Fraud Scheme

A worker for the Department of State has been accused of stealing passport data to set up fake identities and then use them to secure lines of credit.

A number of accomplices were recruited for the scheme. They would assume the false identities and purchase iPads and other electronics. Prosecutors say this the passport agency employee abused her position of trust.

"An identity theft and wire fraud scheme targeting both the Houston and Atlanta passport agencies went on for five years.."
- Federal Prosecutors
It is unclear why the identity thefts went on for five years or how they were discovered. Organizations seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) 3 indicted in Houston, Atlanta passport fraud cases - www.TheMonitor.com, 05/07/2015

Tuesday, May 19, 2015

IRS Agent Charged with ID Thefts for Tax Fraud

An IRS agent has been charged with identity theft and tax refund fraud (SIRF).

He used his position to access taxpayers' personal identifying information (PII) and then used that information to perpetrate a fraudulent tax refund scheme. “Allegations of aggravated identity theft committed by an IRS employee who bears the responsibility for protecting taxpayers from such crimes are particularly reprehensible," according to Melissa Chedotal, Special Agent in Charge for TIGTA’s Atlanta Field Division

"personal identification information contained in these false and fraudulent tax returns [i.e., names, dates of birth, and social security numbers], came into [his] possession by virtue of his employment as an IRS Special Agent.”."
- US Attorney, Southern District Alabama
It is unclear how over what time period the the identity thefts occurred or how they were discovered. Organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Two Birmingham Area Men Charged With Filing False Tax Returns, Theft Of Public Monies, Wire Fraud, And Aggravated Identity Theft - www.Justice.gov, 05/05/2015

Monday, May 18, 2015

Police Snooped and Shared Residents' Private Data

Police officers in Australia have been caught snooping or sharing private information of constituents. Complaints of police abusing information increased 54% in 2014 over the 2012 rate and proven cases doubled.

Internal records obtained under Freedom of Information laws showed 229 suspected cases of police abusing private and sensitive information were investigated; one in three were proven to be breaches.

"Internal records obtained under Freedom of Information laws show 229 suspected cases of police abusing private and sensitive information were investigated." - Herald Sun
David Watts, the Law Enforcement Data ­Security Commissioner warned of a growing risk of security breaches attributable to lapses in personnel security, in particular the risk of “insider ­intrusion”, with a need for ongoing checks of personnel, information and communication security. Organizations seeking to detect data privacy breaches proactively, rather than rely on third part complaints, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Dishonest police officers caught snooping or sharing Victorians’ private information - www.HeraldSun.com.au, 05/17/2015

Friday, May 15, 2015

California DPH Levied $1.1M in Fines for Health Privacy Breaches

To date for 2015, the California Department of Public Health has levied fines of $1.1 million against healthcare providers and hospitals for data breaches. The breaches were often the result of inappropriate access of patient records by employees.

Examples of the privacy breaches that led to fines included a clerk viewing her husband's chart, an employee accessing 98 patient records without prior authorization, and two employees playing a prank on an employee undergoing surgery.

"The breaches typically were the result of...inappropriat access to records by employees."
- The California Department of Public Health
Healthcare organizations seeking to proactively detect data privacy breaches by employees, even those with authorized access, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) DPH Has Levied $1.1M in Fines This Year Over Data Breaches - www.CaliforniaHealthline.org, 05/08/2015

Thursday, May 14, 2015

Woman Charged in $7.5M ID Theft Tax Fraud Scheme

An Alabama woman has been arrested for her participation in a large-scale stolen identity tax refund scheme in which more than 3,000 false tax returns for 2012 and 2013 were filed that claimed more than $7.5 million in fraudulent federal income tax refunds from the IRS.

Identities were stolen from a number of places including two state agencies. A woman working at these agencies has pleaded guilty to stealing personal identifying information (PII) from 2006 - 2014. She is to be sentenced May 19.

"[she stole] the identities of several individuals while working at two different state agencies from 2006 to 2014."
- Alabama Media Group
It is unclear why the ID thefts were allowed to occur at the state agencies for over 7 years. Organizations seeking to proactively detect identity theft and data privacy breaches acn utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Alabama woman charged in $7.5 million stolen identity tax refund fraud ring - www.AL.com, 05/12/2015

Wednesday, May 13, 2015

Bank Employee Arrested for Selling Customer Account Info

A now former employee of a major bank has been charged by the FBI with selling customer account information.

This bank insider sold account details, including the account holder's address, social security number, date of birth, debit card number, and its three-digit security code to thieves who wanted to empty customers' accounts.

"The case shows the old security adage is true – watch your perimeter closely but your staff even closer."
- The Register
As is unfortunately the case these identity thefts were discovered by law enforcement, rather than the financial institution holding the personal identifying information (PII). Organizations seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) JP Morgan bank bod accused of flogging customer account info - www.TheRegister.co.uk, 04/29/2015

Tuesday, May 12, 2015

73% of Health Workers Violate Security Policies

A survey of over 780 IT and business decision makers said that 81% of employees/coworkers occasionally or routinely violated security and compliance policies; for the 300 polled in the healthcare industry it was 73%.

More than 97% of the healthcare organizations having policies in place. However, challenges remain when it comes to implementing them, ranging from low employee comprehension to policy violations.

"Challenges remain when it comes to implementing [policies], ranging from low employee comprehension to policy violations."
- MCOL, Daily Factoid
To ensure the preventive controls, such as security and privacy policies and procedures, are being followed a program of detective controls is critical. Detective controls for data privacy breaches, excessive access, and identity theft can easily be accomplished with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) 73% of Healthcare Workers Report Security Policy Violations - www.MCOL.com, 03/23/2015

Monday, May 11, 2015

Army Private Stole Fellow Soldiers' IDs for Fraud

An Army private has been indicted on federal charges of fraud and identity theft from fellow soldiers. The identity thefts occurred from 2011 through 2015 as he obtained the personal data through his access to leave and earnings statements and other military records.

According to the US attorney for Kansas, the soldier used the personal identifying information (PII) of colleagues to obtain credit cards and loans.

"[He] was able to access the personal data through his access to leave and earnings statements and other military records." - US Attorney Barry Grissom
It is unclear how the identity thefts were discovered or why they were allowed to occur for 4 years. Organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Army private accused of stealing fellow soldiers' identities while at Fort Riley - www.CJONonline, 05/07/2015

Friday, May 8, 2015

Teachers Victims of ID Theft Fraud Scam

A licensed insurance agent in California has pleaded guilty to identity theft after bilking over $200,000 in commissions from an insurance company.

Using teachers' identities that she probably obtained from an agency's computer system when they applied for annuities, the woman then moved to another agency and submitted fraudulent applications for new annuities.

"These teachers applied for annuities through that other agency, and when she moved on, she submitted the fraudulent applications for new annuities."
- Suda Rajender, prosecuting attorney
Although school employees did not lose any money in the scheme, the district attorney’s office said 55 teachers were victims of identity theft.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Nine Lodi teachers fall victim to insurance fraud scam - www.LodiNews.com, 04/12/2015

Thursday, May 7, 2015

JAMA: Breaches Have Increased, Most Costly in Healthcare

A report in the Journal of the American Medical Association notes that data breaches have increased during the past decade.

Compared with other industries, these breaches are estimated to be the most costly in healthcare and there are few studies that detail breach characteristics and scope.

"Healthcare breaches are estimated to be more costly than in other industries."
- report in the Journal of the American Medical Association
The source of the study was the Health and Human Services online database of health data breaches.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Data Breaches of Protected Health Information in the US - www.JAMAnet.com, 04/22/2015

Tuesday, May 5, 2015

$125K HIPAA Breach Fine for Single Location Pharmacy

Although only a small, single location pharmacy the Department of Health and Human Services Office for Civil Rights (HHS, OCR) has fined them $125,000 for potential HIPAA Privacy Rule violations.

In addition to the fine they pharmacy is to adopt a corrective action plan to correct deficiencies in their HIPAA compliance program.

"[the pharmacy] will pay $125,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program." - Home Health News
The OCR opened a compliance review and investigation after receiving notification from a local news organization regarding protected health information (PHI) of 1,610 patients being at risk.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Resolution Agreement-Cornell Pharmacy - www.HHS.gov, 04/22/2015

Monday, May 4, 2015

Lawsuit: Hospital Employee Breached Child's Privacy

A West Virginia woman is suing a hospital for allowing their employee, who was in a relationship with the child's father, to breach the privacy of the child's medical records for over a year. Not only the hospital but the employee and the chief information officer are named in the suit.

The employee was not authorized to access the child's confidential information. The mother said it was only after she contacted the hospital repeatedly that the matter was investigated.

"At no time did the [hospital] attempt to learn or otherwise notify [the patient's mother] that at least one of its employees had been repeatedly accessing [the child's] private and confidential medical information."
- Court documents
Unfortunately breaches often only come to light when a third party complains. Rather than learn of privacy data breaches from victims, healthcare organizations can proactively detect them with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Woman sues Marshall Health for data breach - www.WVrecord.com, 04/23/2015

Friday, May 1, 2015

Cable TV Insider Stole Customer IDs for $3M Fraud Scheme

A cable TV employee, who had access to subscriber information, stole customer IDs and sold them to a fraud ring. The ring of eleven people stole $3 million.

Members of the theft ring used the information to pitch free service and equipment to new customers, using the stolen data to trick the cable TV computer system.

"more than 1,200 innocent customers could see their credit affected by these phony accounts."
- KTBS news
This ID theft ring was only discovered after out-of-state customers received delinquent bills and called the cable company to complain. Unfortunately identity theft is often discovered by a third party, not the company holding customers' personally identifiable information (PII). Organizations seeking to proactively detect identity theft, rather than learn about it from third parties, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Investigation leads to multiple counts of identity theft in Caddo Parish - www.KTBS.com, 04/28/2015

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.