Kaiser Incident Leads Breach RoundupDispute Involves Document Storage Firm
In this week's breach roundup, a possible breach involving Kaiser Permanente and a business associate is being investigated by federal and state officials. Also, the University of North Carolina Lineberger Comprehensive Cancer Center has notified about 3,500 individuals that their information was exposed when hackers gained access to servers.
See Also: The Power and Scale of XDR
Possible Kaiser Breach Investigated
A possible breach involving Kaiser Permanente and one of its business associates is being investigated by federal and state officials, according to a Los Angeles Times report.
The California-based healthcare system and one of its business associates, Sure File Filing Systems, have been involved in a back-and-forth dispute involving the potential improper storage of patient information, according to the report.
Kaiser Permanente had contracts with Stephan and Liza Dean of Sure File Filing Systems, a document storage firm, to store nearly 300,000 paper records, the newspaper reported. Beginning in 2008, Kaiser granted the Deans the job of organizing and clearing out thousands of old patient files from Moreno Valley Community Hospital. The files were moved to a warehouse in Indio, the LA Times, said.
Stephan Dean told the newspaper that hospital clerks e-mailed him routinely to pull information on specific patients, often listing the patient's full name in the subject line, along with other messages listing patient Social Security numbers, date of birth, doctors' names and treatment dates.
In January 2010, Kaiser gave the Deans another job, deactivating and storing about 345,000 records from its West Los Angeles Medical Center, the newspaper reports.
After beginning the West Los Angeles job, Dean stopped working due to contractual disputes with Kaiser. In July 2010, Kaiser terminated its contract with the Deans.
The U.S. Department of Health and Human Services began investigating when the Deans issued a complaint about the healthcare provider's handling of patient information, the newspaper reports.
In October 2012, Kaiser-Permanente sued the Deans and accused them of violating their contract by not returning all patient information, the LA Times said.
Hacking Incident Affects 3,500
The University of North Carolina Lineberger Comprehensive Cancer Center has notified about 3,500 individuals, including employees, contractors and visiting lecturers, that their information was exposed when hackers gained access to two servers.
Compromised information includes Social Security numbers and passport numbers, along with other personal data, the Chapel Hill News reports.
In a letter to affected individuals, the newspaper reports, center director Shelley Earp wrote, "Despite our investigation, we are unable to say for sure whether your personal information was accessed by an unauthorized person as a result of this incident."
Once the breach was discovered by information technology employees, the servers were blocked. The breach affected administrative servers that don't typically store patient data, the newspaper reported.
The two servers contained 1.6 million files, but forensics investigators determined that 3,300 files had been accessed during the window of vulnerability, a hospital spokesman told the newspaper.
Canada: Breach Sparks Investigation
The Office of the Privacy Commissioner of Canada is investigating a federal data breach affecting 5,000 Canadians.
An employee at Human Resources and Skills Development Canada lost a USB drive that contained personal information, including social insurance numbers, on 5,000 Canadians, according to Canada's Metro News.