College Breach Leads Roundup125,000 Student Application Records Compromised
In this week's breach roundup, hackers unlawfully accessed archived information about applicants at an Iowa college. Also, a Department of Veterans Affairs medical center is notifying more than 7,400 patients of a breach stemming from a missing laptop.
Hackers Access College Application Records
Hackers using an international IP address recently unlawfully accessed an online database containing student admissions records for Kirkwood Community College in Cedar Rapids, Iowa.
The hackers accessed archived admissions records for individuals who applied to take Kirkwood college-credit classes, the college reports. The information spanned from February 2005 to March 13, 2013.
Although the college hasn't disclosed the number of individuals affected by the March incident, local ABC television affiliate KCRG is reporting 125,000 personal records were compromised in the hacker attack.
Information stored in the records may have included applicant names, birthdates, race, contact information and Social Security numbers, according to an FAQ on the college's website. No financial data or academic records, including grades and financial aid information, were stored in the system.
The college is offering affected applicants free identity protection services.
Missing Laptop Affects 7,400
The William Jennings Bryan Dorn VA Medical Center in Columbia, S.C., is notifying more than 7,400 patients that their personal information may have been compromised as a result of a missing laptop.
On Feb. 11, an unencrypted laptop was reported missing from the hospital's respiratory therapy department, according to the notification letter. Stored on the laptop was personal information on veterans who had received pulmonary function tests. That includes test results as well as the last four digits of Social Security numbers and certain demographic information, including age, race, weight and, in some cases, birthdates.
In the wake of the incident, all laptops linked to medical devices have been physically protected. The medical center now also requires clinical staff to "securely store and purge all personally identifiable information from medical devices," according to the letter. The hospital is providing affected patients free credit monitoring for one year.
Hospice Break-In Compromises Patient Info
About 5,400 patients of Hospice of Alamance Caswell in North Carolina are being notified of a breach tied to the theft of three laptops.
Two 19-year-old suspects have been arrested in connection with the incident, according to a notice from the hospice.
On Feb. 24, 2013, vandals broke into the hospice's main office building in Burlington and stole several items, including the laptops, the notice states.
Although the patient databases stored on the laptops were fully encrypted, the laptops also contained unencrypted e-mails with limited patient health information about a small percentage of patients, the hospice says.
The vandals also accessed rooms that contained paper medical and billing records. The paper records contained names, addresses, phone numbers, dates of birth, Medicare or other health insurance numbers, prescribed medications and full or partial Social Security numbers.
A police investigation did not reveal any evidence that any paper records were viewed or taken.
As a result of this incident, the hospice is making improvements to the physical security of its office building. It's offering one year of free credit monitoring to the patients affected.