Abandoned Records Lead Breach RoundupFiles Left Vulnerable at Shuttered Hospital
In this week's breach roundup, an investigation found confidential medical files were vulnerable at an abandoned Chicago hospital. Also, Edgewood Partners Insurance Center in San Francisco is notifying an undisclosed number of individuals of a breach involving five stolen laptops.
See Also: The Global State of Online Digital Trust
Medical Records Found at Closed Hospital
Confidential medical files were found in a building that formerly was the site of Edgewater Medical Center in Chicago.
An investigation by the Chicago Tribune found that Social Security numbers and other sensitive patient information were vulnerable, although security guards are present.
When the Illinois Department of Public Health conducted an investigation in 2009, it found that the door to a room on the eighth floor of the facility that housed the medical records did not have a lock and medical files were scattered throughout the building, according to the Tribune. The hospital has had several break-ins in the past, the news report said.
As a result of the investigation, new locks were added to rooms where medical records are located. But according to the Tribune, state officials did not conduct a follow-up visit to confirm the security of the records.
5 Laptops Stolen from Insurance Firm
Edgewood Partners Insurance Center in San Francisco is notifying an undisclosed number of individuals of a breach stemming from the theft of five unencrypted laptops.
EPIC is a retail property and casualty and employee benefits insurance brokerage and consulting firm.
When the company learned of the theft, it reported the incident to law enforcement authorities and began an investigation to determine what was stored on the devices, according to a notification letter provided to the California Attorney General's Office.
One of the laptops contained information regarding current and former employees, job applicants, and independent contractors of EPIC and related companies, and companies for which EPIC performs human resources functions, the notice said. Information about certain beneficiaries and dependents of employees and former employees also was included.
The laptops included names, addresses, dates of birth, benefit information and Social Security numbers, the notice said. In some cases, limited financial or bank account information or health information may have been involved.
Debt History, Criminal Records Posted
The UK Information Commissioner's Office is investigating how information on 1,300 individuals collected by the Newcastle Citizen's Advice Bureau was made available on the Internet.
Newcastle CAB, located in England, offers free services providing general advice and information across many different subject areas, according to the organization's website.
While details are scarce on how the data ended up online, the compromised information includes names, addresses, debt history and criminal records, according to the BBC. Newcastle CAB is notifying the affected individuals.
"The ICO are aware of this incident and we are working with [Newcastle CAB] ... taking urgent action to contact anyone who may have been affected by this incident and fully resolving any issues," said Shona Alexander, chief executive of Newcastle CAB.