Post-Breach Firings Lead RoundupEmployees Viewed Health Info; Cyberattack Hits Health Exchange
In this week's breach roundup, five employees of the British Columbia Ministry of Health's pharmaceutical services division have been fired after inappropriately accessing medical information. Also, hackers recently posted garbled words and blurred headlines on the informational pages of the Utah Health Exchange's website.
5 Fired After Health Info Breach
Five employees of the British Columbia Ministry of Health's pharmaceutical services division have been fired after they inappropriately accessed medical information, according to CBC News.
The employees, who were at first suspended, worked in the area of research and evidence development, awarding drug research contracts for the ministry in Canada, according to The Vancouver Sun.
The ministry workers and two research contractors inappropriately accessed health data, according to the ministry. The agreements with two research contractors have been terminated until an investigation into the incident has been completed, the report explains.
'Graffiti' Hack Affects Health Exchange
Hackers recently posted garbled words and blurred headlines on the informational pages on the Utah Health Exchange, a virtual marketplace where small business employers and employees can shop for health insurance and obtain price quotes, according to The Salt Lake City Tribune.
""It was a pure act of graffiti," Mike Sullivan, spokesman for the Governor's Office of Economic Development where the exchange is housed, told the newspaper. "You couldn't access some of the pages."
For 10 days the insurance exchange's website was "inoperable," Sullivan says, although no personal information apparently was compromised. All transactions involving sharing personal information are conducted on a separate site.
The attack comes in the wake of a breach of a server at the Utah Department of Technology Services that affected 780,000 individuals (see: Utah Breach: Governor Takes Action).
Phishing Scheme Affects 2,500
Approximately 2,500 clients are being notified by the Cabinet for Health and Family Services in Kentucky about a breach caused by an employee responding to a phishing e-mail in July.
An employee with the Cabinet's Department for Community Based Services responded to a phishing e-mail, and unauthorized activity on the account was identified shortly thereafter, according to a press release. The account was then disabled.
The hacker had access to the account for a brief period of time; the cabinet says there's no evidence that the confidential contents were accessed or viewed. Those being notified include individuals in the National Youth Transition Database, which consists of individuals transitioning out of the foster care system, the release says. Some of the affected individuals are still minors, according to Gwenda Bond, a cabinet spokesperson.
Information in the database includes names and addresses. "Neither Social Security numbers nor health information/diagnoses are included in the database," Bond says.
Stolen Laptop Affects Children
The Edinburgh City Council in Scotland, which operates a foster care system, is notifying an undisclosed number of individuals after a laptop computer containing sensitive details on children was stolen from a member of the fostering and adoption panel, according to the Edinburgh Evening News.
Information on the laptop may include details on children who were removed from their parents by social services, the news report says. Other compromised information includes files and minutes from dozens of reviews. Police are conducting an investigation.