Stolen Laptop Leads Breach Roundup27,000 Patients Affected at Heart Clinic
In this week's breach roundup, Blount Memorial Hospital in Maryville, Tenn., is notifying 27,000 patients about a breach involving a stolen laptop. Also, Barnes and Noble Booksellers has confirmed a point-of-sale card reading device breach at 63 of its locations.
See Also: The Global State of Online Digital Trust
Stolen Laptop Affects 27,000 Patients
Blount Memorial Hospital in Maryville, Tenn., is notifying 27,000 patients about a breach stemming from the theft of an unencrypted laptop.
The laptop contained patient registration records but no medical information. It was stolen Aug. 25 from the home of an employee of Blount Heart Consultants, which is affiliated with the hospital, according to a hospital statement.
Two groups of patient information were stored on the laptop. The first group, including approximately 22,000 patient records, contained patient name, date of birth, responsible party name, patient address, physician name and billing information. The second group of 5,000 patient and responsible party records contained the same information, plus Social Security numbers, the statement said.
POS Breach at 63 Barnes & Noble Stores
Although Barnes & Noble did not say when it discovered the breach, the company announced that it had determined through an internal investigation that the compromise was linked to device tampering at stores in California, Connecticut, Florida, Illinois, Maine, New Jersey, New York, Pennsylvania and Rhode Island. In a statement posted Oct. 24, the bookseller says all PIN pads within its nearly 700 stores nationwide were disconnected and replaced by Sept. 14.
"The tampering, which affected fewer than 1 percent of PIN pads in Barnes & Noble stores, was a sophisticated criminal effort to steal credit card information, debit card information, and debit card PIN numbers from customers who swiped their cards through PIN pads when they made purchases," the statement says. "This situation involved only purchases in which a customer swiped a credit or debit card in a store using one of the compromised PIN pads."
Barnes & Noble says its customer database is secure, and purchases made on Barnes & Noble.com, as well as those made with NOOK tablets and NOOK mobile applications, have not been affected. The bookseller's member database also was not affected, the company says, and no compromised PIN pads were discovered at Barnes & Noble College Bookstores.
Council Appeals Breach Fine
The Scottish Borders Council is appealing a Â£250,000 breach fine from the UK's Information Commissioner's Office, according to local news reports.
The council is a local government entity that oversees the Scottish Borders area of Scotland.
The fine was issued after hundreds of former employees' pension records were found in a recycling bin in a supermarket parking lot (see: Records Dumping Triggers Hefty Fine).
A council spokesman said that the ICO has until Nov. 2 to file a reply to the appeal, after which time the case will go before a three-judge panel for a decision, the news report said.
Employee Info Compromised in E-mail Error
Network Housing Group, located in Middlesex, London, mistakenly e-mailed about 300 staff members a spreadsheet that contained sensitive employee information, according to Inside Housing, a news site covering social housing in the UK.
Network Housing Group consists of six registered housing providers that own and manage 17,500 homes across London.
The information exposed includes employees' sexuality, ethnicity and disability status, according to the news report.
An investigation has been launched by the organization. According to a spokesperson, "all possible remedial action was taken to mitigate the disclosure."
The UK Information Commissioner's Office has stated it will investigate the incident, the report said.