Search Results : texas

Dec 152017
 

Meredith Shamburger provides an update to a previously reported incident:

More than a week after several East Texas school districts were notified of a computer security breach that exposed personal information, officials say they still don’t know how many of their students have been affected.

The Texas Department of Agriculture notified nine area districts that students in their schools had personal information, such as names, Social Security numbers and home addresses, compromised by an October hack.

“They told us it was about 700 (students) total in all of the school districts they listed, and at that time they didn’t have a list of who from each district was affected or how many students from each district,” Gladewater ISD Superintendent Sedric Clark said. “I haven’t received anything from them since.”

New Diana, Ore City, Gilmer, Gladewater, Harleton, Karnack, Union Grove and Union Hill ISDs along with Harrison County Juvenile Services were notified of the breach.

State officials said it does not appear any exposed student information has been misused.

The Texas Department of Agriculture oversees school breakfast and lunch programs, which is why school districts were affected. Officials said a daily security monitoring had found malware on one employee’s computer.

Read more on Longview News-Journal.

Update: A complete list of the 39 districts affected can be found here (h/t, Doug Levin and The K-12 Cyber Incident Map (by EdTech Strategies).

 

State Ag Dept.: East Texas school districts among those affected by ransomware

 Posted by at 4:54 pm  Education Sector, Malware, U.S.  Comments Off on State Ag Dept.: East Texas school districts among those affected by ransomware
Nov 302017
 

Meredith Shamburger reports:

Several East Texas school districts have been affected by a computer security breach, with students’ personal information potentially being compromised, according to a notice from the Texas Department of Agriculture.

Affected school districts include New Diana ISD, Ore City ISD, Gilmer ISD, Gladewater ISD, Harleton ISD, Harrison County Juvenile Services, Karnack ISD, Union Grove ISD and Union Hill ISD.

Officials say a Texas Department of Agriculture employee’s computer was attacked through malicious ransomware on Oct. 26, with the attack affecting more than 700 students. The Texas Department of Agriculture oversees school breakfast and lunch programs.

While the department says it has not detected any misuse of that information, it noted that identifying information exposed by the attack include names, social security numbers, home addresses, birthdates and personal phone numbers.

Read more on News-Journal.

The full notification, reproduced on the News-Journal’s site, shows a lot more school districts that were affected than what appears in the main news story.

 

Jun 272017
 

Michelle Pedraza reports:

Last week Laredo ISD employees were notified that there was a security breach involving very important information about its employees.

As of right now, the district is not sure when the breach happened, but they know that the names and social security numbers of some LISD’s employees were made public on a website by the Texas Association of School boards.

LISD says that other school district’s that were affected have been notified and TASB will be sending a letter to every employee that was affected.

Read more on KGNS.

The Corpus Christi Caller-Times had reported this same incident on June 21, although it seems to have flown under a lot of media radar so far. The Caller-Times reported:

Some Corpus Christi Independent School District employee names and Social Security numbers from late 2016 through early 2017 were inadvertently made visible online, a district news release states.

The Texas Association of School Boards notified the Corpus Christi ISD of the incident, which was discovered May 22.

“All employee information has been taken down,” a district news release states.

The school board association, which administers a group unemployment compensation program for Texas school districts, reports there is no evidence that the personal information was accessed or used in any way, the release states.

On June 21, Alief School District also notified its employees. Their notification included an FAQ with the following information:

On May 22, 2017, the Texas Association of School Boards (TASB) learned that some personal information of employees (name and social security number) inadvertently became visible to the public on the internet. TASB immediately secured the information and engaged Kroll Cyber Security, a leading computer forensics firm, to conduct an investigation.

When did this happen?

We don’t know exactly when the data became visible, but TASB learned about it on May 22, 2017, and took immediate action to remedy the situation, securing the information.

I’m not finding anything on TASB’s web site yet that would indicate the total number of school district employees affected by the breach, nor any explanation as to how the inadvertent exposure occurred or when it first occurred.   This post will be updated if and when more details become available.

Personal info of 522 Aetna clients in Texas affected by data security incident, firm says

 Posted by at 9:59 am  Health Data  Comments Off on Personal info of 522 Aetna clients in Texas affected by data security incident, firm says
Jun 242017
 

Alejandro Martinez-Cabrera reports:

More than 500 Texans that receive health insurance through provider Aetna were affected by a data security incident that exposed some of their personal information online, Aetna officials said in a statement Friday.

The information of 522 residents in Texas was “inappropriately available for a period of time,” the statement said.

Read more on Statesman.com.

Texas health system settles potential HIPAA violations for disclosing patient information

 Posted by at 8:55 pm  Exposure, Health Data, U.S.  Comments Off on Texas health system settles potential HIPAA violations for disclosing patient information
May 102017
 

Okay, this seems a bit harsh in terms of monetary penalty. From another HHS/OCR settlement announced today:

Memorial Hermann Health System (MHHS) has agreed to pay $2.4 million to the U.S. Department of Health and Human Services (HHS) and adopt a comprehensive corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. MHHS is a not-for-profit health system located in Southeast Texas, comprised of 16 hospitals and specialty services in the Greater Houston area.

The HHS Office for Civil Rights (OCR) initiated a compliance review of MHHS based on multiple media reports suggesting that MHHS disclosed a patient’s protected health information (PHI) without an authorization. In September 2015, a patient at one of MHHS’s clinics presented an allegedly fraudulent identification card to office staff. The staff immediately alerted appropriate authorities of the incident, and the patient was arrested.  This disclosure of PHI to law enforcement was permitted under the HIPAA Rules.  However, MHHS subsequently published a press release concerning the incident in which MHHS senior management approved the impermissible disclosure of the patient’s PHI by adding the patient’s name in the title of the press release.  Also, MHHS failed to timely document the sanctioning of its workforce members for impermissibly disclosing the patient’s information.

In addition to a $2.4 million monetary settlement, a corrective action plan requires MHHS to update its policies and procedures on safeguarding PHI from impermissible uses and disclosures and to train its workforce members.  The corrective action plan also requires all MHHS facilities to attest to their understanding of permissible uses and disclosures of PHI, including disclosures to the media.

The resolution agreement and corrective action plan may be found on the OCR website at   http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/MHHS/index.html