May 18, 2009 Anderson Kia Car Dealership
May 18, 2009 NJ Department of Labor and Workforce Development
May 13, 2009 United Food and Commercial Workers Union 555
May 12, 2009 Johns Hopkins
May 11, 2009 Multiple financial institutions
(New York City, NY)
May 11, 2009 Office of the State Superintendent of Education D.C.
May 7, 2009 University of California
May 7, 2009 Irving schools
May 5, 2009 Spencer House Apartment Complex
May 5, 2009 Fulton County Board of Registration and Elections
May 5, 2009 East Burke Christian Ministries
May 4, 2009 Virginia Health Data Potentially
Department of Health Professions
May 4, 2009 Kapiolani Community College
May 1, 2009 Lexis Nexis/Investigative Professionals
April 30, 2009 Unknown businesses in Chateau Office Building
(Woodland Hills, CA)
April 29, 2009 Illinois Department on Aging
April 29, 2009 Oklahoma Housing Finance Agency
(Oklahoma City, OK)
April 29, 2009 Orleans Parish Public Schools
(New Orleans, LA)
April 28, 2009 West Virginia State Bar
April 27, 2009 Federal Reserve Bank of New York
(New York, NY)
April 23, 2009 Oklahoma Department of Human Services
(Oklahoma City, OK)
April 22, 2009 New York State Tax Department
(New York, NY)
April 22, 2009 Marian Medical Center
(Santa Maria, CA)
April 20, 2009 FairPoint Communications Inc.
April 16, 2009 Myspace
(Los Angeles, CA)
April 13, 2009 Irving Independent School District
April 13, 2009 Moses Cone Hospital
April 12, 2009 CBIZ Medical Management Professionals
April 11, 2009 Peninsula Orthopaedic Associates
April 10, 2009 Borrego Springs Bank/Vavrinek,Trine,Day and Co.
(Borrego Springs, CA)
April 9, 2009 Penn State Erie/Behrend College
April 8, 2009 Hawaii Department of Transportation
April 8, 2009 Metro Nashville School/Public Consulting Group
Metro Nashville students’ names, Social Security numbers, addresses and dates of birth and parents’ demographic information were available by searching Google. A private contractor unintentionally put student data on a computer Web server that wasn’t secure. The data was available online from Dec. 28 to March 31.
My Note – all of the places on the list above have had losses of personal information on thousands of people along with whatever else was taken either intentionally or inadvertently. The list is an excerpt from the site link above it which contains some of the details about each of these events. But, what is most surprising besides this being too commonplace to make the news, is this article from the New York Times –
A Grand Jury’s Plain Words.
The Stolen Records of a Georgia County.
Atlanta, Ga., Sept. 29, (1887) – A great sensation is blossoming in this city in regard to the rights of the Abstract Company, which embraces in its membership the leading merchants and business men of the city. Their purpose is to warrant land titles, and by possession of the abstracts of the records of the county for several years, the originals of which are lost, they have an exceedingly fat thing. By an act of the Legislature they are permitted to copy free all current records, so that their records are always complete, while those of the county are not. Recently the County Commissioners made an effort to force the Abstract Company to allow court officers to take copies of the abstracts for the years covered by the missing records. When they attempted this one of their own number, Mr. James D. Collins, stood in the way.
Right here the interesting fact was recalled that Mr. Collins had for years been Clerk of the County; that it was while holding this office that he copied the records, and that it was these copies which he had sold to the Abstract Company for a good round sum. It was during the incumbency of his successor in office that the original records were stolen, thus giving value to the copied extracts. The Grand Jury, which body elects the Commissioners, passed resolutions calling upon such Commissioners as were interested in the abstract business to resign. To this request they paid no attention. The Grand Jury to-day returns to the subject by calling upon the Legislature to act, and in the resolutions the Grand Jury very pointedly says: “Without now charging any person who has or may heretofore have had any interest in said abstract with any criminal act or intention we do not hesitate to express the opinion that if the abstracts had never been made, our records would never have been stolen. We believe the theft was intended by the thief to be in the interest of the Abstract Company. No other motive has ever been apparent or suggested; or is reasonable.” This direct imputation upon high-toned citizens creates a sensation, and, it is said, will lead to some startling developments.
The New York Times
Published: September 30, 1887
Copyright © The New York Times
The data stolen from UC Berkeley includes health data of the school’s students and alumni — and their parents or spouses, in many cases — who received benefits through University Health Services as well as approximately 3,400 students of Mills College in Oakland, Calif., who were eligible to receive benefits.
# University Of Massachusetts Amherst’s Health Services Network Breached By Hackers
# University Of Utah Hospitals & Clinics Stolen Backup Tape Contained 2.2 Million Billing Records
# Virginia Health Professions Database Breached, Hackers Demand Ransom
# Hundreds Of UCLA Medical Employees Abused Privilege And Looked Into Celebrities Medical Records
# Breach Involving Health Information In Elliot Health System
Feb. 11, 2009 Los Angeles National Laboratory
(Los Alamos, NM) The Los Alamos nuclear weapons laboratory in New Mexico is missing 69 computers, including at least a dozen that were stolen last year. The computers are a cybersecurity issue because they may contain personal information like names and addresses. But they did not contain any classified information. Also missing are three computers that were taken from a scientist’s home and a BlackBerry belonging to another employee that was lost in a sensitive foreign country. Unknown
Feb. 9, 2009 Federal Aviation Administration
(Washington D.C.) Hackers broke into the Federal Aviation Administration’s computer system, accessing the names and Social Security numbers of employees and retirees. 43,000
Total increased to 48,000
And in Georgia this time last year –
DHR warns employees about breach of confidential information
March 21, 2008
ATLANTA (GA) -The Georgia Department of Human Resources is taking extensive measures to alert current and former employees of a breach of confidential records that may expose personal employee information. As a precaution, DHR is urging current and former employees to carefully review all credit records and other financial account information. Employees potentially affected by the security breach will receive a letter from Rosa Waymon, Director of the Office of Human Resources Management and Development (OHRMD), explaining the situation and recommending they contact the three credit bureaus – Experian, Equifax and Trans Union.
The agency warns that the breach took place on or around March 19th. An external hard drive that stored a database containing identifying information such as names, social security numbers, birth dates, home contact and federal tax information was removed by an unauthorized person.
Since discovering the breach, DHR has been working diligently to inform employees of the breach while also conducting an internal investigation led by the Office of Investigative Services.
The agency has also proactively alerted the three credit bureaus about the situation. DHR has instituted a new directive which requires password protection on jump and flash drives and portable computer media that contains personnel information. Additionally, the agency is directing employees to secure these items when away from their desks and offices.
While DHR has no evidence that the information is being used fraudulently, the agency is taking every immediate measure to limit the possibility of potential fraud and identity theft.
Georgia law indicates that all residents are to receive two credit reports free of charge each year. The agency urges employees to retrieve a copy of their credit report and request a fraud alert be placed on their records. Employees should contact each credit bureau at the following: Experian, P. O. Box 9595, Allen, TX 75013-9595 Tel: 888-397-3742; Equifax, P. O. Box 740241, Atlanta, GA 30374-0241 Tel: 800-685-1111; and Trans Union, P. O. Box 1000, Chester, PA 19022 Tel: 800-888-4213.
For information, contact:
Dena Smith; 404.656.4937
The agency has also proactively alerted the three credit bureaus about the situation. In addition, DHR has instituted a new directive which requires password protection on jump and flash drives and portable computer media that contains personnel information.
Additionally, the agency is directing employees to secure these items when away from their desks and offices. Although DHR has no evidence that the information is being used fraudulently, the agency is taking every immediate measure to limit the possibility of potential fraud and identity theft.
Georgia law indicates that all residents are to receive two credit reports free of charge each year. The agency urges employees to retrieve a copy of their credit report and request a fraud alert be placed on their records. Employees can find out how to contact credit bureau by visiting original Georgia Department of Human Resources article describing this accident.
[from above page]
# Human Error Reveals WellCare Health Plans Members
# Griffin Electric Stolen Laptop Exposes Employee Data
# University Of Utah Hospitals & Clinics Stolen Backup Tape Contained 2.2 Million Billing Records
# Oklahoma Department Of Corrections Website Exposed Sex Offenders Data
# Backup Tape With Private Details Stolen From Greensboro Gynecology Associates
March 28th, 2008
Personal Records Stolen In Georgia Department
The Georgia Department of Human Resources is taking extensive measures to alert current and former employees of a breach of confidential records that may expose personal employee information. Stolen records include names, social security numbers, birth dates, home contact and federal tax information.
RealAge: Selling your medical secrets to Big Pharma?
May 12th, 2009
RealAge: Selling your medical secrets to Big Pharma?If one of the big pharmaceutical companies, like Pfizer or GlaxoSmithKline, asked you to fill out a detailed questionnaire on your health so that they could turn around and use this information to e-mail you prescription drug advertising, would you do it?
I’d guess that most people wouldn’t. In fact, many would be insulted at being asked to reveal their medical secrets to help Big Pharma make a buck.
And yet, close to 30 million people have effectively done just this — by clicking on Internet ads to take a quiz by RealAge that claims to calculate their true “biological age.”
As the New York Times has reported:
RealAge allows drug companies to send e-mail messages based on those test results. It acts as a clearinghouse for drug companies, including Pfizer, Novartis and GlaxoSmithKline, allowing them to use almost any combination of answers from the test to find people to market to, including whether someone is taking antidepressants, how sexually active they are and even if their marriage is happy.
As RealAge’s marketing vice president proudly put it: “If you want to reach males over 60 that are high blood pressure sufferers in northwest Buffalo with under $50,000 household income that also have a high risk of diabetes, you could.”
I should clarify that RealAge doesn’t sell its members’ names, e-mail addresses or individual health data to its Big Pharma advertisers. Instead, it analyzes your quiz results, then sends you newsletters in which the ads you see are determined based on your answers to the RealAge quiz.
Still a little creepy, isn’t it?
We have to agree with Mark Sisson’s take on the quiz at Mark’s Daily Apple:
In our culture, we’re supposed to want to feel and look younger. Shedding the years (however symbolically) might make us feel better (or worse) in the moment, but it’s ultimately a gimmick.
A gimmick designed to make money — to the tune of more than $20 million per year.
And while the information isn’t sold directly to Pfizer or Glaxo, the fact remains that your medical secrets are RealAge’s most coveted product, and Big Pharma is the customer.
Stolen Records Case Unfolds in Denver
A man who stored hundreds of real and forged documents, drug paraphernalia, cell phones and video cameras in a self-storage unit in Denver returns to court this month to face charges of identity theft, forgery and theft of medical records. Paul Simmons, 46, was allegedly using the materials to create fake drivers’ licenses, Social Security cards and checks. His stash was discovered in January when he failed to pay his self-storage rent and his goods were auctioned.
Simmons denies any involvement in the identity-theft operation, but Dawn Philbin, a 51-year-old hospital worker, claims Simmons pressured her to steal documents from San Anthony Central, where she worked for five years. She also has pleaded not guilty to identity theft, though she admitted to taking the hospital records and giving them to Simmons.
Simmons returns to court on May 15. Philbin has a depositions motions hearing on June 22 in Denver District Court.
Source: 9 News Denver/ KUSA TV, Hospital worker pleads not guilty in theft of patient records
Abandoned Records in Self-Storage: Whose Responsibility Are They?
New CA Bill Addresses Disposal of Abandoned Records
Maine Self Storage Operators Battle Issues of Abandoned Records
Self-Storage Legislation: Could Be Heartache on the Horizon
Postal Worker Gets Probabation for Stashing Mail in Storage Unit
A Michigan postal worker who hid thousands of pieces of mail in a self-storage unit has been placed on probation for two years. Jill Hull, 35, pleaded guilty to deserting the mail three months ago. She said she couldn’t keep up with her route in Livingston County. Today she was sentenced in federal court, where she apologized to U.S. Magistrate Judge R. Steven Whalen, who decided not to order her with a fine.
Managers of the storage facility discovered the unopened mail in September 2008. Some had postmarks from 2005.
Source: Detroit Free Press, Mail-stashing gets Michigan postal worker probation
Industry Alert : Awareness and management of crime at your facility
The Eyes Have It : Security improves, managers reign
Secure Storage : Keeping a facility safe and suitable
Stolen records raise questions about prescription drug monitoring programs
May 11th, 2009 A No Comments
eDrugSearch.com offers news and advocacy for online prescription drug consumers. Subscribe to our blog’s RSS feed.
prescription drugs monitoring system hacked Stolen records raise questions about prescription drug monitoring programs
On April 30, the secure site for the Virginia Prescription Monitoring Program was hacked and replaced with the following message (expletives deleted):
I have your s— In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(
For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I’ll go ahead and put this baby out on the market and accept the highest bid. Now I don’t know what all this s— is worth or who would pay for it, but I’m bettin’ someone will. Hell, if I can’t move the prescription data at the very least I can find a buyer for the personal data (name,age,address,social security #, driver’s license #).
Now I hear tell the F—— Bunch of Idiots ain’t fond of payin out, but I suggest that policy be turned right the f— around. When you boys get your act together, drop me a line at email@example.com and we can discuss the details such as account number, etc.
Until then, have a wonderful day, I know I will ;)
Twelve days later, the site is still down — and the fate of millions of prescription drug records is unknown.
The issue was elevated to Virginia Gov. Tim Kaine late last week. On Thursday, Kaine told the Washington Post that the state will not pay the ransom, and that the FBI and Virginia State Police are investigating the computer attack.
The Virginia Prescription Monitoring Program, launched in 2003, is a state-run database that collects prescription information with the goal of tracking and preventing illegal sales, theft and abuse of controlled substances, such as OxyContin. More than 30 other states have enacted similar programs to tackle the growing problem of prescription drug abuse; it is expected that nearly every state will have such a program soon.
The Drug Enforcement Administration (DEA) says the monitoring programs have been of significant benefit. According to the DEA site:
Prescription drug monitoring programs are being used to deter and identify illegal activity such as prescription forgery, indiscriminate prescribing and “doctor shopping.” Most programs provide patient specific drug information upon request of the patient’s physician or pharmacist. Some state programs proactively notify physicians when their patients are seeing multiple prescribers for the same class of drugs. This assists healthcare professionals in managing patient care. It has been an extremely successful program to thwart diversion in a number of states.
Prescription drug monitoring sites are only accessible — or at least are supposed to only be accessible — to registered healthcare professionals, such as licensed pharmacists.
Computer security experts told ChannelWeb that the hacking underscores the need for better security of online prescription drug records and other sensitive data. The issue is a timely one, as President Obama is pushing to make even more healthcare information accessible online.
Said Paul Ferguson, advanced threat researcher for Trend Micro:
There’s not enough due diligence. There are some very clever and unscrupulous people out there who find ways to get access to this stuff.