Information security analytics

Palo Alto Online reports on a lawsuit stemming from allegations that a teacher improperly disclosed a student’s confidential health information to parents of a second student, resulting in the district attempting to place the first student in another district for fear of health concerns for the second student. As a result of the teacher’s actions, the parents sued for embarrassment, humiliation, medical costs incurred, recovery of attorney’s fees to fight the district’s attempt to move their son to another district, and the disruption to their family.

Seriously, these attachment errors are pretty inexcusable, aren’t they? Brian Eason reports: The University of Mississippi Medical Center mistakenly gave out social security numbers, grade point averages and other personal information for most of its student body this week, violating state and federal privacy laws.

A Barclays Bank employee has received a fine of £3,360 for illegally accessing customer data. Jennifer Addo, 27, was prosecuted under section 55 of the Data Protection Act for 23 offences, including passing on details of a customer’s children. The bank was initially alerted when the customer contacted the bank to report that information taken from his account was passed on to his partner at the time.

Press statement by Emil Kolb, Chair of The Region of Peel, Regarding a Breach of Personal Health Information from a Public Health Program: Despite having practices and protocols in place to protect the privacy of our clients, we have had a breach of personal health information that affects more than 18,000 clients who participated in Peel Public Health’s Healthy Babies Healthy Children program.

Here’s another case where a breach was discovered by a routine audit. Michael Barrett reports: An unsecure email sent by a CaroMont Health employee has resulted in a possible security breach involving hundreds of patients’ personal health records. The email in question contained protected health information, including names, dates of birth, addresses, telephone numbers, medical record numbers, diagnoses, last dates of service, medications and insurance company names for 1,310 patients. The Medicare numbers for two of those patients were also included on the email.

Clinical Reference Laboratory provides lab tests for Massachusetts Mutual Life Insurance policy applicants. On September 17, they learned that a billing sent to MassMutual on September with applicants’ names, dates of birth, type of lab test performed, and/or partial or full Social Security numbers had been damaged in transit with  USPS and some pages were missing. Copies of their notification letters to those affected are available on California Attorney General’s web site.  Those affected were offered services with Equifax Gold Watch.

Switzerland’s biggest telecommunications provider Swisscom has launched a criminal complaint after tapes containing company data were stolen and passed on to a Swiss newspaper. The Neue Zürcher Zeitung newspaper said on Wednesday that it had received four files of information. Names and contact details of Swisscom clients and the status of various projects were contained amid more mundane internal emails arranging barbeques and company cars, the NZZ reported.

Thousands of motorists have had personal details sold to third parties, despite explicitly asking for privacy, more than two years after the law was changed to protect their information. The New Zealand Transport Agency operates the Motor Vehicle Register, which records information about vehicles and their owners, including names, addresses and dates of birth. In May 2011, drivers were given the choice to "opt out" from having their details publicly available.

A former Columbus Urban League official pleaded guilty Friday to one count of fraud and one count of identity theft. According to testimony with the Department of Labor, Director of Education Services Ovell Harrison, 55, used computers at his office to prepare and submit false invoices to the Urban League. The U. S attorney’s office says he made it appear that the invoices were for contractor’s services to the Urban League. The contractors were unknowing persons Harrison knew personally.

North Massapequa couple accused of stealing credit card information. A waitress at a Seaford restaurant stole credit card information from her customer and, along with her boyfriend used it to make over $1,000 in fast food purchases, Nassau Police said. Christina Heanue, of North Massapequa, allegedly took the credit card information while working as a waitress at Butera's restaurant. She shared the information with her live-in boyfriend, Philip Ferrito, 26, and they used the card to rack up $1,060 in purchases at fast food joints,  since June 26, cops said.