Benefits Portal Breach Leads RoundupGlitch Exposed Benefits Information for VA, Dept. of Defense
In this week's breach roundup, a software defect compromised the benefits web portal of the U.S. departments of Veterans Affairs and Defense. Also, an emergency communications service in Bellevue, Wash., is investigating the security breach of a server that stored records about medical responses.
VA, DoD Breach Exposes Personal Info
A software defect compromised eBenefits, the benefits web portal of the U.S. departments of Veterans Affairs and Defense, exposing information on almost 5,400 of the site's users. The incident occurred during a limited period of time in mid-January during a software upgrade, a spokesperson for the VA says.
In that time frame, some veterans and service members who had registered and logged into eBenefits were able to see a combination of their own information as well as data from other eBenefits users, according the VA spokesperson. It's unclear what specific information was compromised.
Once the defect was discovered, the VA shut down the eBenefits system to limit the exposure and address the problem, the statement says.
The VA's independent Data Breach Core Team is investigating the incident. The VA is offering free credit monitoring for the affected individuals.
Emergency Call Data Breached
The North East King County Regional Public Safety Communication Agency in Bellevue, Wash., is working with local and federal law enforcement to investigate the breach of a server that stored records of an estimated 6,000 medical responses.
Potentially compromised information includes names, addresses, dates of birth, nature of emergency call and initial medical condition, NORCOM says.
The affected files also contained personnel data for 231 full-time and volunteer firefighters who work or have worked for Duvall Fire District 45, Skykomish Fire Department and Snoqualmie Pass Fire & Rescue (Fire District 51). That information could include driver's license information, date of birth, Social Security number, emergency contact and limited medical information.
"Immediately when the breach was discovered, NORCOM took swift actions to identify and analyze the depth of the breach; we are working with the Bellevue Police Department and with the United States Secret Service's Electronic Crimes Task force on this investigation," said Tom Orr, executive director of NORCOM.
Medicaid Information Mismailed
Maryland's Department of Health and Mental Hygiene is notifying about 1,100 individuals that their Medicaid enrollment packages were mistakenly sent to the wrong address due to a programming error by Noridian, the prime contractor for the Maryland Health Benefit Exchange.
Information in the Medicaid enrollment package includes name, date of birth and Medicaid ID number, the department says.
Computer Missing From Clinic
Phoebe Putney Memorial Hospital in Albany Ga., reports that an unencrypted desktop computer is missing from one of its clinics.
The hospital immediately contacted the Albany Police Department and began a thorough internal investigation, including hiring an expert computer forensics company, to identify the information on the computer.
The missing computer may have contained patient information, including patient names, addresses, dates of birth, dates of service, physician's names and diagnosis information, the hospital says.
While the hospital's statement didn't reveal the number of individuals, news reports are saying 6,700 patients could be affected.