Abandoned Records Lead Breach Roundup

Files Left Vulnerable at Shuttered Hospital
Abandoned Records Lead Breach Roundup

In this week's breach roundup, an investigation found confidential medical files were vulnerable at an abandoned Chicago hospital. Also, Edgewood Partners Insurance Center in San Francisco is notifying an undisclosed number of individuals of a breach involving five stolen laptops.

See Also: Webinar | The Future of Adaptive Authentication in Financial Services

Medical Records Found at Closed Hospital

Confidential medical files were found in a building that formerly was the site of Edgewater Medical Center in Chicago.

An investigation by the Chicago Tribune found that Social Security numbers and other sensitive patient information were vulnerable, although security guards are present.

When the Illinois Department of Public Health conducted an investigation in 2009, it found that the door to a room on the eighth floor of the facility that housed the medical records did not have a lock and medical files were scattered throughout the building, according to the Tribune. The hospital has had several break-ins in the past, the news report said.

As a result of the investigation, new locks were added to rooms where medical records are located. But according to the Tribune, state officials did not conduct a follow-up visit to confirm the security of the records.

5 Laptops Stolen from Insurance Firm

Edgewood Partners Insurance Center in San Francisco is notifying an undisclosed number of individuals of a breach stemming from the theft of five unencrypted laptops.

EPIC is a retail property and casualty and employee benefits insurance brokerage and consulting firm.

When the company learned of the theft, it reported the incident to law enforcement authorities and began an investigation to determine what was stored on the devices, according to a notification letter provided to the California Attorney General's Office.

One of the laptops contained information regarding current and former employees, job applicants, and independent contractors of EPIC and related companies, and companies for which EPIC performs human resources functions, the notice said. Information about certain beneficiaries and dependents of employees and former employees also was included.

The laptops included names, addresses, dates of birth, benefit information and Social Security numbers, the notice said. In some cases, limited financial or bank account information or health information may have been involved.

Debt History, Criminal Records Posted

The UK Information Commissioner's Office is investigating how information on 1,300 individuals collected by the Newcastle Citizen's Advice Bureau was made available on the Internet.

Newcastle CAB, located in England, offers free services providing general advice and information across many different subject areas, according to the organization's website.

While details are scarce on how the data ended up online, the compromised information includes names, addresses, debt history and criminal records, according to the BBC. Newcastle CAB is notifying the affected individuals.

"The ICO are aware of this incident and we are working with [Newcastle CAB] ... taking urgent action to contact anyone who may have been affected by this incident and fully resolving any issues," said Shona Alexander, chief executive of Newcastle CAB.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.