Court Breach Leads RoundupHacked Washington State Website Stored Personal Data
In this week's roundup, a breach of the Washington state court system public website may have exposed 160,000 Social Security numbers and 1 million driver's license numbers. Also, Presbyterian Anesthesia Associates in Charlotte, N.C., reports a data breach that may have compromised the credit card information of 10,000 patients.
Hackers Breach Washington State Court Website
A breach of the Washington State Administrative Office of the Courts' public website may have exposed as many as 160,000 Social Security numbers and 1 million driver's license numbers.
So far, the court has confirmed that the hackers actually obtained 94 Social Security numbers, according to a news release.
A Reuters report says hackers exploited a portion of a commercial software product to gain access to information.
Names and Social Security numbers may have been exposed for anyone booked into a city or county jail within the state of Washington between September 2011 and December 2012, the court reports
Those whose driver's license numbers and names may have been compromised include anyone who received a DUI citation in Washington State between 1989 through 2011; anyone who had a traffic case in Washington State filed or resolved in a district or municipal court between 2011 through 2012; and anyone who had a superior court criminal case in Washington State that was filed against them or resolved between 2011 through 2012.
Washington State Consolidated Technology Services and the Multi-State Information Sharing & Analysis Center are assisting in the court's investigation, the news release said.
The court did not respond to a request for comment.
Patients' Credit Card Info Accessed
Presbyterian Anesthesia Associates in Charlotte, N.C., reports that a data breach may have compromised the credit card information of 10,000 patients.
The medical practice disclosed in a press release that a hacker exploited a security flaw on the organization's website and gained access to a database that contained names, contact information, dates of birth, e-mail addresses, phone numbers, credit card numbers, expiration dates and security codes.
Presbyterian Anesthesia is providing individuals with free credit monitoring services, according to the release. The practice is also working to build a more secure website, and it's contracting with an IT security firm to audit its operations.
Stolen Laptop Contains Patient Info
Indiana University Health Arnett is notifying 10,300 patients about the theft of an unencrypted laptop.
On April 10, the Lafayette, Ind.-based unit of the university's health system learned that the device was stolen the previous day from an employee's car, according to an online news release. The organization has notified the White County Sheriff's Office about the incident.
E-mails stored on the laptop's hard drive may have contained patient names, dates of birth, physicians' names, medical record numbers, diagnoses and dates of services, the news release says.
Patient Data Exposed in E-mail Error
The Regional Medical Center in Memphis, Tenn., is notifying an undisclosed number of patients that their information may have been exposed in three separate e-mail incidents.
The medical center on March 15 discovered that three e-mails including personal information of some outpatient physical therapy patients were transmitted on Oct. 29, 2012, Nov. 1, 2012 and Feb. 4, according to a notice issued on the organization's website.
Information in the e-mails includes patient name, patient account number, date of birth, Social Security number, home phone number and type/reason for physical therapy services.
Local CBS affiliate WREG reports that approximately 1,200 patients were affected.
Although the medical center has not received any indication that any patient's information has been inappropriately used or disclosed, it's offering one year of free credit monitoring for affected patients.
The medical center did not respond to a request for comment.