Our experienced team views data breach response as a joint effort in partnership with the client where the client’s philosophy, brand and customer base are considered integral in reconciling compliance with the numerous, and often competing, laws and regulations. [...]
SCHNUCK’S MASSIVE DATA BREACH RESULTS IN SEVERAL CLASS ACTION LAWSUITS
As we reported last month, Schnucks super market stores announced a data breach in March that potentially effected 2.4 million debit and credit card users. News reports have indicated that as many as 79 Schnucks stores may have had their customers’ card numbers and information stolen. As is often the case, class action lawsuits have … Continue reading
SCHNUCKS IS THE LATEST SUPER MARKET CHAIN TO SUFFER AN EXTENSIVE DATA BREACH
Last month Schnucks supermarket chain announced that it had been the victim of a hacking and was investigating a data breach that lead to customer credit and debit cards being fraudulently charged with purchases. At the time, Schnucks did not indicate the severity of the data breach. Schnucks has now announced that approximately 2.4 … Continue reading
HHS ISSUES FINAL BREACH NOTIFICATION RULES – The end of “no harm, no foul”?
Last week the Department of Health and Human Services (HHS) issued its long-awaited “Final Rule”[.pdf] meant to strengthen various HIPAA/HITECH privacy and security rules related to individuals’ health information. The 563 pages of federal regulations contain numerous rule modifications. Notably with respect to the scope of this Blog, there are significant changes to the Breach Notification Rule for protected health information (PHI). When originally issued as an “interim final rule” in … Continue reading
OFFICE OF CIVIL RIGHTS RINGS IN NEW YEAR WITH SIGNIFICANT HIPAA DATA BREACH SETTLEMENT
The HHS’ Office of Civil Rights (OCR) announced today that The Hospice of North Idaho has agreed to pay a $50,000 settlement for violations of the HIPAA Security Rule. OCR made a point of announcing that the settlement is the first one that involves a breach of unprotected PHI affecting fewer than 500 individuals. In … Continue reading
NATIONWIDE INSURANCE LATEST VICTIM OF A DATA BREACH
Nationwide Mutual Insurance Company announced that part of its computer network has been hacked and that personal information effecting more than 1.1 million individuals has been stolen. The data breach occurred on October 3rd. The network that was breached is also used by Allied Insurance. Nationwide has determined that the compromised information includes names, birth … Continue reading
TD BANK ANNOUNCES DATA BREACH
TD Bank recently began notifying approximately 260,000 customers in numerous states from Maine to Florida that their personal information had been lost. A TD Bank spokesman confirmed to the Associated Press that unencrypted back-up data tapes were misplaced in transport earlier this year. The tapes contained personal information that included account information and social security … Continue reading
MEDAL OF HONOR RECIPIENTS BECOME VICTIMS OF AN ON LINE DATA BREACH
The Social Security numbers of 31 Army Medal of Honor recipients were accidentally posted on line by a Pentagon employee. The Los Angeles Times reported last week that the personal information was removed from the internet after the breach was discovered by a well known military historian. The Social Security numbers appear to have … Continue reading
A MASSACHUSETTS HEALTH CARE PROVIDER AGREED TO PAY $1.5 MILLION TO SETTLE A HIPAA PRIVACY VIOLATION
HHS’ Office of Civil Rights announced this week that a Mass. health care provider will pay a $1.5 million settlement to resolve a HIPAA privacy violation. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/meei-agreement.html. The monetary settlement is part of a resolution agreement and the result of the alleged 2010 theft of a laptop computer that held 3,621 patient records. The … Continue reading
STOLEN LAPTOP LEADS TO HEALTHCARE DATA BREACH INVOLVING 55,000 INDIVIDUALS IN INDIANA
Cancer Care Group (CCG), an Indiana oncology practice, has announced a data breach that affected approximately 55,000 individuals, including patients and employees. CCG has approximately 21 locations within Indiana. CCG reported that a laptop computer bag was stolen from an employee’s locked vehicle on July 19th. The data allegedly stored on the laptop computer … Continue reading
NEW CONNECTICUT DATA BREACH IS A PERFECT EXAMPLE OF DATA SECURITY FAILURES
The Connecticut Attorney General just announced that personal health information and protected health information for over 9,000 Hartford Hospital patients was lost in June. http://www.ct.gov/ag/cwp/view.asp?Q=508726&A=2341. A laptop carried by an EMC subsidiary employee was reportedly stolen. The State AG announced that the unencrypted information on the laptop contained names, addresses, dates of birth, social security … Continue reading