Dec 162017

Here is yet another reminder of (1) why you don’t leave devices in your car with critical information on them, and (2) why you need backups of mission critical data. Doug Johnson reports:

LINCOLN — A Lincoln charity is desperate for help after their laptop was stolen from a Natomas restaurant parking lot.

Maria & Joseph’s Ministry to the Poor sends vitamins to the Philippines, but the president of the charity, Klint Robins, says without his computer those pills will not get to the people who need them.


“The children aren’t starving because you can have rice, you have salt, you have a little bit of vegetables,” Robins said. “But it’s not the right kind of foods.”

The addresses where boxes of vitamins need to be sent are now gone.

So even if some good samaritan provides a replacement laptop, the information is gone. How sad is that?  I’m sure Mr. Robins is already beating himself up over this, and I don’t want to pile on, but if there’s any way readers might remember this incident and vow not to leave your devices in unattended cars, and to have backups, well…… maybe some good can come out of this?

Dec 162017

So it’s the end of 2017 but we’re still hearing about laptops being stolen from locked cars and that the devices were password-protected?  If the U.S. Education Department started cracking down in terms of enforcement, might it make any difference? Asking for a friend, of course…..

KTBS reports:

LSU is mailing letters to approximately 5,500 individuals whose information may have been contained on a university-owned laptop that was recently stolen from an LSU employee.

[…] That investigation determined the laptop may have contained individuals’ full names, dates of birth, Social Security numbers and/or driver’s license numbers. The laptop may also have contained the names and credit card information for a very small number of individuals.

Read more on KTBS. WBRZ reports:

A university spokesperson says the information contained in the laptop would have primarily belonged to current and former students, potentially with some faculty data as well.

Dec 142017

From a notification WHS-Greene posted on their web site:

It is with regret that we inform you that Washington Health System Greene recently experienced a security breach when an external hard drive for the Bone Densitometry machine, that contained patient information, was determined to be missing from our Radiology department. We discovered the external hard drive was missing on October 11, 2017, and shortly thereafter, reported the matter to the Pennsylvania State Police as a potential theft.

We have reason to believe the drive contained names, height, weight, race, and gender information.  Medical record number, health issue, and prescribing physician are also believed to be included for some patients but not all.   This limited information is related to patients who underwent bone density studies at the WHS Greene from 2007 until October 11, 2017.

Importantly, no social security information or financial information was misappropriated.

We are not aware of any of our patients’ personal information having been used by an unauthorized individual. Further, given the limited information that was potentially exposed, we have concluded it is unlikely that the patient’s identity or personal health information will be misused.

Dec 132017

Their press release:

December 12 – Franciscan Physician Network of Illinois (FPN Illinois) and  Specialty Physicians of Illinois, LLC (formerly known as Wellgroup Health Partners, LLC, “SPI”) are notifying patients of a privacy breach.

On November 21, 2017, it was confirmed that a limited number of boxes that contained 22,000 patient payment records could not be located in a shared record storage facility located in Chicago Heights, Illinois. The boxes contained records from 2010 and 2015-17.

After an earlier routine records request, records personnel searched for the requested materials and could not locate them which triggered a further inventory audit that discovered some of the boxes, but a total of 40 boxes of payment records could not be located.

While the continuing investigation has not revealed any evidence of foul play, officials have taken the added step of notifying law enforcement as a further precaution.

“We value patient privacy and deeply regret that this incident occurred,” said Craig Miller, SPI executive director. “We are conducting a thorough investigation to identify additional measures we can take to prevent similar incidents in the future,” he said. Claude Foreit , vice president of  Franciscan Physician Network, stated, “Steps have been taken to improve safeguards for payment records, including bolstering physical security, updating our tracking system for paper records, and retraining employees responsible for handling these records.”

The affected records only include information relating to payments that were made in person either in the office at the time of service or in person at an FPN Illinois or SPI facility. Of those stored transactions, it was determined that payment records such as patient receipts, credit card receipts, and back-office accounting reconciliations were included in the boxes. The information included patient name, address, payment date, payment amount, payment method, office location and the last four digits of patient credit card numbers. No full credit card number was compromised in the incident. For a small subset of individuals who paid with a check, the records may contain the patient’s routing number, bank account number and social security number.

The payment records from 2010 may have also included patient date of birth, account number assigned by the facility, insurance ID number, diagnosis, type of visit, procedure code, provider name and address, dates of service and description of services performed.

Impacted individuals have been notified by mail and will be offered two years of identity theft protection services at no cost. Patients affected will also be encouraged to monitor their financial accounts, credit history, and Explanation of Benefits statements as extra precautions.

A dedicated hotline, (833) 295-7812, has been established to take patient questions related to this incident.


Dec 132017

Prawesh Lama reports:

A computer’s hard disk along with its CPU was stolen from Law Faculty in Delhi University on December 3 — the day officials started compiling the attendance of faculty members and that of over 7,000 law students.

The law faculty’s dean, Ved Kumari, in her complaint alleged that the stolen CPU contained records of attendance of both students and teachers.

Read more on Hindustan Times.