University Breach Leads Roundup

235,000 Affected by Storage Vulnerability

By , December 5, 2012.
University Breach Leads Roundup

In this week's breach roundup, Western Connecticut State University is notifying about 235,000 students and others that their personal information was exposed online. Also, Alere Home Monitoring in Waltham, Mass., reports that about 116,000 patients were affected by a breach involving a stolen laptop.

See Also: Breaking Down Ease-of-Use Barriers to Log Data Analysis for Security

235,000 Affected by University Breach

Western Connecticut State University is notifying about 235,000 students and others that their records were exposed due to a storage system vulnerability.

The compromised information includes names, addresses, Social Security numbers and/or financial account information provided in association with transactions with the university, officials announced in an online FAQ.

Files containing personally identifiable information that were kept in the storage system were "stored in a manner that may have allowed unauthorized users to access the files in question from April 2009 to September 2012," the university said.

Upon discovering the problem, the university launched an investigation in cooperation with local police and notified the Connecticut Attorney General's office.

The university has found no evidence that records were inappropriately accessed, but is offering up to two years of free identity theft protection to those affected, according to a statement.

As a result of the breach, the university said it has added unspecified layers of protection. Plus, it will continue assessing and improving all aspects of its information security program.

Stolen Laptop Compromises Patient Info

Alere Home Monitoring in Waltham, Mass., is notifying about 116,000 individuals of a breach after an unencrypted company-owned laptop containing sensitive information was stolen from an employee's locked vehicle.

Alere provides home testing products and services for patients.

Compromised information includes names, addresses, dates of birth, Social Security numbers and diagnosis codes, company officials say.

Affected individuals will be notified about the incident and offered free credit monitoring services for one year. Alere is also notifying news media in "certain states," although it did not specify which ones.

As a result of the breach, Alere is deploying encryption to laptops that connect to its computer network and is providing additional education to staff.

The incident has been posted on the Department of Health and Human Services' Office for Civil Right's list of breaches affecting 500 or more individuals.

Unencrypted Device Exposes Personal Data

The University of Virginia Medical Center and Continuum Home Infusion are notifying almost 2,000 patients after an unencrypted Palm device used by on-call pharmacists went missing around Oct. 5.

Continuum Home Infusion offers home health care, infusion, pediatric and psychiatric services.

Patient information stored on the device includes names, addresses, diagnoses, medications and health insurance identification numbers that, in some instances, are Social Security numbers, the company says.

A spokesperson for UVA Medical Center said 1,846 patients were affected. Although it's believed the device was lost and not stolen, a police report was filed.

Patients whose Social Security numbers may have been on the device will receive free credit monitoring for one year.

Patients Affected by Missing USB

Christus St. John Hospital in Houston is notifying an undisclosed number of patients who participate in the St. John Sports Medicine program that an unencrypted USB drive containing sensitive information has gone missing.

Information on the USB includes patient names, dates of birth, health insurance information, Social Security numbers, diagnoses and progress notes, according to a statement on the hospital's website.

The patients affected were treated from Jan. 1, 2011, to July 1, 2012.

Data Stolen on UK Civil Servants

Follow Jeffrey Roman on Twitter: @gen_sec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE N.Y. AG Seeks to Toughen Data Safeguards

New York State Attorney General Eric Schneiderman proposes updating state law to require...

Latest Tweets and Mentions

ARTICLE N.Y. AG Seeks to Toughen Data Safeguards

New York State Attorney General Eric Schneiderman proposes updating state law to require...

The ISMG Network