Ziņu arhīvs

TX: Nurse terminated for unauthorized viewing of TRMC patient records

A privacy breach by a “curious” nurse at Titus Regional Medial Center has resulted in letters to 108 former patients warning of a slight risk of identity theft. Hospital Administrator Ron Davis relayed Tuesday that internal auditing procedures uncovered the misconduct.

“The nurse said she was just ‘curious’ and looked at records she was not authorized to view,” Davis said. “She has sworn that she did not do anything with that information.” The nurse in question was immediately suspended when the violation was uncovered in November during an audit and has since been terminated. Her case was referred to the Texas Board of Nursing.

Information on 1.4m customers lost by Cattles Group Birstall headquarters

The Cattles Group, which owns Welcome Finance loans firm, has written to customers informing them that two back-up storage discs with private information about 1.4 million customers have been misplaced.

Marlene Proctor, 31, from Wibsey, was one of the customers who received a letter saying the firm cannot account for her personal details, including bank details, national insurance number, date of birth and address. The firm claims there is no evidence to suggest the details have fallen into the wrong hands, but Miss Proctor says the ordeal has left her fearing her details could be used by fraudsters.

She said: “It’s meant to be reassuring, but it’s not. No one knows where my details are and who has them. “What’s going on? It’s hard enough to get loans or get good ratings without some fraudster type stealing your identity and making it even worse.”

In its letter, the firm said an investigation was now under way at its Kingston House offices, where the details were lost.

As well as customers’ details, the lost IT discs included human resource data about staff who are part of the Cattles Group.

A spokesman for the Cattles Group confirmed two tapes were missing from its Kingston House building in Birstall. It was discovered at the end of November and an investigation was started immediately, a spokesman said. The loss has been reported to the relevant authorities, including the Information Commission and its regulators the Financial Services Authority.

The Cattles spokesman said: “The storage tapes contain low-level personal data relating to 1.4 million customers, limited to names and addresses for 800,000, but also including date of birth and payment history for 600,000. "The tapes also include HR data relating to staff in employment with the Cattles Group up to October 2010. A process to inform affected customers and employees is under way. There is no evidence that the information has fallen into the wrong hands or been used maliciously.

“However, Cattles takes its obligations to protect personal data of its customers and staff extremely seriously and we deeply regret what has happened.”

Olympics security documents found in Kent

Security documents about the Olympics were found by a passenger on a train in Kent, it has emerged. A commuter discovered the restricted file, said to contain policing strategy for the Games, in Dartford.

The sensitive information was handed to a national newspaper, sparking a Scotland Yard probe into how the dossier was lost. The documents have been returned to police after the bungle.

The Metropolitan Police insisted security for the London Olympics has not been compromised. A spokesman said: "On Thursday 5 January a Metropolitan Police Service officer lost his bag containing a number of documents. The officer reported the loss to a senior officer. The Department of Public Safety have been informed as is routine.

"We do not believe that the bag contained operationally sensitive documents. The documents are now back in police possession. "Obviously the loss of restricted material is a matter for concern, but we are satisfied that this does not compromise our security operation for the Olympics."

Protect-does not mean hiding

Over the past weekend from buildings of the University of Victoria stolen electronic media that were stored for more than 11 thousand. records. Among the lost personal data, social security numbers, bank details etc. The device is encrypted.

It was reported that unencrypted media stored in the vault, which could reveal the robbers. On Monday notified victims of theft took place. The University Administration advised employees to analyze all the transactions on credit cards, since the information leakage. Scott MakKènnel (Scott McCannell), Executive Director of the PEA (Professional Employees Association) urged the leadership of the University for damages suffered as a result of the incident.

A significant detail in the Brighton and Sussex University Hospitals NHS Trust breach?

Brighton and Sussex University Hospitals NHS Trust told Out-Law.com that hard drives containing patient data had been sold on the auction website by a contractor it employed to destroy them. A spokesperson for the Information Commissioner’s Office (ICO) said the watchdog had proposed fining the Trust £375,000 over the incident. The Trust has challenged the suggested penalty.

“We were the victims of a crime,” Duncan Selbie, chief executive of Brighton and Sussex University Hospitals NHS Trust said in a statement. “We subcontracted the destruction of these hard drives to a registered contractor who subsequently sold them on eBay.”

Previous coverage of this case had not made clear that the thief was an employee of the contractor. The Argus had named the contractor as Sussex Health Informatics Service. But if it is true that it was a dishonest contractor’s employee who was responsible, doesn’t a £375,000 fine by the ICO seem exorbitant and unreasonable? The contractor is a registered contractor for the NHS, so what did the trust presumably do wrong?

I look forward to finding out more about why the ICO was/is reportedly prepared to fine them for this incident.

Saūda Arābijas hakeri izlika tīkla tūkstošiem izraēlieši datus

"Mēs uzlauzām daudz mājas lapu un lejupielādējām no tām ļoti daudz informācijas par Izraēliešiem, vārdus, adreses, identitāšu apliecību, kredītkaršu un mobilo tālruņu numurus un izmantojam šo informāciju pēc vajadzības," uzrakstīja noziedzīgas grupas hakeris, kurš publicēja šos datu failus.

Hakeris apgalvo, ka grupējums nozaga 400 tūkstošu cilvēku datus, bet bankas kredītkaršu emitenti atspēko šo informāciju. Kompānija Isracard apgalvo, ka datu bāzes daudz atkārtojumu un apšaubāmās informācijas. Pēc Isracard viedokļa, derīgu karšu numuru failā ap 14 tūkstošu.

Bankas paziņoja, ka visu īpašnieku, kuru dati tika "kompromitēti" kartes tiks bloķētas, un tika solīts kompensēt iespējamos konta zaudējumus zādzību gadījumā. Pieņem, kā hakeri nozaga Izraēlas internet-veikalu pircēju personas datus.

Uzlauzts Lielbritānijas ex-premjera e-pasts

Britu policija uzsākusi izmeklēšanu par bijušā premjerministra Gordona Browna e-pasta noplūdi.

Kā tika ziņots, bija uzlauzti aptuveni 20 datori, uz kuriem tika glabāti personiskie e-pasta dati aptuveni 100 cilvēkiem, tostarp bijušajām Lielbritānijas premjerministram Gordonam Braunam ziņo vietējie plašsaziņas līdzekļi.

Hackeri nozaga apmēram 100,000 e-vēstuļu. Pie noziedznieku nonākušas vēstules attiecas uz laika posmu, kad bijušais premjerministrs bija Apvienotās Karalistes finanšu ministrs. Oficiāli komentāri vēl nav sniegti, bet policija ne izslēdz, kā bijuša premjerministra pasts uzlauzts britu mediju pasūtījuma. Ziņo, ka izmeklēšanu veiks tā pati komanda, kura izmeklē News International žurnālistu noklausīšanas lietu.

Pie tām News International noraidīja apsūdzības Browna korespondences zādzība.

Closed base. Inexpensive

In Astrakhan officer cadastral Chamber was selling personal data copied from a closed base.

Denis Sesorova, head of the IT division of the federal public institution "Land cadastral Chamber of the Astrakhan region, was detained in July this year on suspicion of abuse of authority. Sesorov has access to closed database "the unified State Register of land", in which he undertook from your work computer, use the personal login and password. It was revealed that Sesorov copied secret information and transmitted it to Dmitry Efimov, his accomplice, reward in 9.5-12 thousand rubles. Who, in turn, sold the land in the city for a fee in organizations ranging from 1.5 to 2 thousand rubles.

The database contains information on the status of monitoring land and spatial data infrastructure, information on land Astrakhan and right holders. Investigation has gathered sufficient evidence, the case will in the near future, the Court shall communicate to the press-service of СУ СКР in Astrakhan oblastj.

Patients sue UCLA over encrypted data breach

UCLA Health System faces a class-action lawsuit regarding a data breach that involved the electronic health records of 16,288 patients.

Even though the hard drive, which was stolen during a home invasion of a former employee, was encrypted, a piece of paper with the password needed to access patient data was lost as well, as FierceHealthcare previously noted.

The law firm Kabateck Brown Kellner, which is representing the affected patients, claims the California health system failed to keep patients' personal information confidential as required by state law.

The suit seeks $1,000 for each member of the class plus attorneys' fees, which could total as much as $16 million, notes iHealthBeat.

A few months before the September theft occurred, UCLA Heath System agreed to pay a fine of $865,000 and to develop a correction action plan to settle potential HIPAA privacy violations involving improper disclosures of medical records at its three hospitals.

Ex-Credit Suisse worker guilty of data theft

The Swiss Federal Criminal Court sentenced on Thursday a former employee of Credit Suisse to a two-year suspended sentence for breaching bank secrecy laws and money laundering.

The former bank worker was also fined 3,500 francs ($3,727) after he confessed to having stolen confidential client data before selling it on to German officials. The events go back to 2007, when the ex-Credit Suisse worker began pilfering confidential data “to kill time, out of passion and historical interest.”

One day, he accidentally left his briefcase at the gym where he worked out. An Austrian IT specialist, who also used the fitness centre, found the case and looked inside. There he discovered some compromising handwritten notes from the defendant and, recognizing the potential benefits, made the defendant an offer.

The Austrian then contacted German fiscal authorities. With the help of the Credit Suisse employee, he delivered confidential data on up to 2,500 account holders in Switzerland with bank deposits totalling around 2 billion francs ($2.13 billion).

In exchange, the Austrian man received €2.5 million ($2.25 million), while the defendant took a cut of €320,000 ($417,000), the Tribune de Genève reports.

After his arrest in September 2010, the Austrian hanged himself in his prison cell in Bern. The defendant was detained at his girlfriend’s home in the Czech Republic. Credit Suisse said it was glad the thief had been convicted. The Swiss bank paid a fine in September of €150 million ($185 million) to end the German investigation into tax evasion sparked by the data theft.