Laptop Theft Leads Breach RoundupPatient Info Compromised; Gaming Servers Hacked
In this week's breach roundup, Apria Healthcare in California alerted 11,000 patients about a data breach after a company-owned employee laptop containing patient information was stolen from a locked vehicle.
Also, gaming company Blizzard Entertainment reported a breach of its Battle.net servers, affecting gamers worldwide.
Laptop Stolen from Car Affects 11,000
Home healthcare provider Apria Healthcare in Lake Forest, Calif. is alerting 11,000 patients of a data breach after a company-owned employee laptop containing patient names, Social Security numbers and possibly other protected health information was stolen from a locked vehicle in Phoenix, Ariz. on June 14.
"Because the employee managed billing functions for the company, the laptop contained information pertaining to patients served by the company in a number of states, including California, Arizona, New Mexico and Nevada," according to a press release.
The affected patients were notified by letter about the incident. Apria is offering all impacted patients complimentary credit monitoring services for one year.
"There has been no indication that any information has been accessed or misused," said Doreen Bellucci, Apria's associate general counsel and privacy officer.
While it's not clear whether the laptop was encrypted, Apria is in the process of encrypting all of the company's laptops and strengthening aspects of its HIPAA security program.
Blizzard Entertainment Reports Breach
Gaming company Blizzard Entertainment, publisher of the popular game World of Warcraft, has reported a breach of its Battle.net servers, affecting gamers worldwide. Battle.net is a centralized service used to access games.
In an FAQ posted to its Battle.net website, Blizzard explained that unauthorized and illegal access into its servers allowed gamer information to be viewed. For gamers worldwide who link to the company's North American servers, e-mail addresses, security question answers, cryptographically scrambled passwords and other additional authentication information were accessed.
Blizzard didn't disclose how many user accounts were affected. The incident is currently under investigation by law enforcement as well as security experts, the company said.
University of Arizona Servers Expose Personal Data
The University of Arizona notified 7,700 individuals that their personal information was compromised after the data was exposed on a server while the university was undergoing a move to a new central system.
Compromised information included names and Social Security numbers for vendors, consultants, guest speakers and UA students, according to Teresa Banks, manager for information security and compliance programs at the university.
The project involved information that was primarily publicly available data, Banks said. "Unfortunately, among the nearly 10,000 files associated with this work, 14 files contained sensitive data, with five of those files showing evidence of being accessed." The information was accessed between Feb. 2, 2012 and March 12, 2012.
A notification letter was sent out to affected individuals, and a follow-up letter was sent July 31. The university is also providing affected individuals with the option to have one year of complimentary credit monitoring services.