At a glance.
- Argentinian retailer exposes customer data.
- Drunken night ends in loss of resident data.
- June proves to be a busy month for US healthcare data breaches.
Argentinian retailer exposes customer data.
Researchers at WebsitePlanet detail the discovery of an unprotected database containing personal data belonging to hundreds of thousands Argentine residents. The data appear to belong to Hendel Hogar, a retailer of household products with stores across Buenos Aires, and some of the data pertained to Hendel Card, the retailer’s personal credit payment option. Folders with names like “cliente” (customer) and “cuenta credito” (credit account) contained nearly a million records of names, ID numbers, and financial data in plain unencrypted text, all accessible without password protection. As well, the data includes DNI or “Documento Nacional de Identidad” numbers, Argentina’s main identity document required for activities like voting, payments, military service, which could be used to identify individual customers. The researchers described the breach as “one of the largest data leaks of customer information such as names and ID numbers in plain unencrypted text that we have seen in a very long time.” Argentina’s Personal Data Protection Law would require the retailer to notify the appropriate authorities or customers.
Drunken night ends in loss of resident data.
The Register reports that a Japanese contractor working in the city of Amagasaki lost a thumb drive containing the personal data of 460,000 residents. BitDefender explains that the man was employed by a firm called BIPROGY that distributes benefits to residents, and had transferred the residents data onto the memory stick at Amagasaki's information center earlier that day. According to police reports, he placed the drive in his bag before going out for a night of drinking last Tuesday. He ended up passing out in the street, and when he awoke, his bag was missing. The data on the drive included names, birth dates, addresses, tax details, banking information, and social security records of Amagasaki residents – fortunately encrypted, but nonetheless extremely sensitive. The contractor filed a lost property report with the police. The bag and the memory stick were found on Friday, and officials say there’s no evidence that the data were accessed. Nonetheless, residents were understandably concerned when they heard about the missing data, flooding the city’s offices with over 30,000 phone calls in one day. BIPROGY stated, “We deeply apologize to the citizens of Amagasaki, the city of Amagasaki, and all concerned for the inconvenience caused by the loss of important information entrusted to us."
June proves to be a busy month for US healthcare data breaches.
According to the US Department of Health and Human Services' HIPAA Breach Reporting Tool reporting website, four of the ten largest medical data breaches so far this year have been disclosed this month. Baptist Medical Center and Resolute Health Hospital of New Braunfels, a medical institution based in the US state of Texas, experienced a data breach exposing the data of more than more than 1.24 million patients, and the incident is the fourth largest health breach reported this year. Gov Info Security reports that the compromised data included patient names, dates of birth, addresses, Social Security numbers, health insurance details, and other medical information.
In the state of Alabama, Grandview Medical Center has disclosed that the hospital's emergency department activity logs were stolen and discovered in a residential apartment on April 4. Becker’s Hospital Review reports that the subsequent investigation revealed that the data, which included names, dates of birth, medical record numbers, account numbers, and treatment information connected to over one thousand patients, might have been stolen as far back as February 13.
Healthcare IT News reports that leading US integrated managed care consortium Kaiser Permanente experienced an employee email breach impacting members of its Kaiser Foundation Health Plan of Washington. Officials say protected health information like patient names, medical record numbers, dates of service, and lab results were contained in the emails, and while there is no evidence that the data were accessed by the unauthorized party, they are unable to rule out that possibility.
Atrium Health, a hospital network with locations across North Carolina, South Carolina, Georgia, and Alabama, disclosed that an unauthorized third party "gained access to a home health employee’s business email and messaging account" via a phishing operation. Though it appears the intruder was not targeting medical or health information, Atrium says "we could not conclusively determine whether personal information was actually accessed by the unauthorized party."
Other healthcare institutions experiencing data incidents this month include not-for-profit North Carolina hospital UNC Lenoir Health Care, and Massachusetts-based management and imaging services provider Shields Health Care Group.