Insider Incident Leads Breach RoundupA Florida Hospital Reports Fraud Attempt
In this week's breach roundup, Holy Cross Hospital in Fort Lauderdale, Fla., is notifying 9,900 patients that a former employee inappropriately accessed their records with the apparent intent to commit fraud. Also, Virginia Tech reports that a computer server containing job application information was illegally accessed, exposing information on 145,000.
See Also: The Global State of Online Digital Trust
Florida Hospital Reports Insider Breach
Holy Cross Hospital in Fort Lauderdale, Fla., is notifying 9,900 patients that a former employee inappropriately accessed their records with the apparent intent to commit fraud.
The compromised information includes patient names, dates of birth, addresses and Social Security numbers, according to a press release. The information was inappropriately accessed from November 2011 to August 2013.
The intention of the employee may have been to utilize the information in filing fraudulent tax returns, according to the hospital's investigation. But so far, there's no evidence fraud was committed, the hospital reports. "The employee was terminated, and efforts are under way to prosecute this individual to the fullest extent possible," the press release says.
All affected patients are being offered free credit monitoring services.
Virginia Tech Server Breached
Virginia Tech says certain personal information on 145,000 individuals was potentially exposed when a computer server in its human resources department was illegally accessed.
The server contained information on individuals who used the institution's online employment application process to apply for jobs between 2003 and 2013, according to a statement issued on the university's website.
Virginia Tech's online application asks applicants to "indicate your professional licenses, certificates, or other authorizations to practice a trade or profession." In response, 16,642 of the applicants provided their driver's license number, the university says. To comply with state law, the university says it's mailing a letter to notify those individuals their driver's license number may have been illegally accessed.
For both staff and faculty applicants, names, addresses and prior convictions were exposed. For staff applicants, employment history and education history were exposed.
As a result of the incident, the human resources department has encrypted files containing sensitive data and has provided additional training to its staff.
Accounting Firm Hit by Hard Drive Theft
Clark & Anderson, P.A., a public accounting firm based in Maryland, is notifying 2,900 individuals that a hard drive containing client data was stolen from a staff member's car parked at his home.
The theft was reported to law enforcement authorities, according to a notice sent to Maryland's Attorney General's Office.
Individuals' specific information on the hard drive varied, and may have included name, address, telephone numbers, date of birth, bank account information, brokerage account information and Social Security number, the company says.
The accounting firm says it's strengthening its security protocols as a result of the incident.