Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: 2015
Company or Organization: all
Date Made Public:
June 7, 2018
Company: Erpiron ore llc
Location:
Type of breach:
UNKN
Type of organization:
UNKN
Records Breached:
700

Information on this security breach is provided by the Office of the Indiana Attorney General

Information Source:
Indiana Attorney General
Date Made Public:
September 6, 2016
Company: Ocean Acquisitions, Inc.
Location: Greenwich, Connecticut
Type of breach:
PHYS
Type of organization:
BSO
Records Breached:
659

"In December 2015, Oceans Acquisitions, Inc. began notifying patients in the Abilene area about a possible data security breach that may have resulted in exposure of a limited amount of protected health information (PHI). The potential exposure occurred when a laptop was stolen from an employee’s car. The laptop stored emails that potentially contained PHI such as names, dates of birth, medical record numbers, diagnoses, payer information and admission dates. No patient social security numbers or bank account information was included in the emails. Upon learning PHI may have been present on the device, Oceans immediately took steps to identify the individuals with the potential to be impacted."

Information Source:
Databreaches.net
Date Made Public:
April 18, 2016
Company: Hunt Regional Medical Partners
Location: Greenville, Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
3,000

"Vandals broke into a building storing paper protected health information (PHI) for the covered entity (CE), Hunt Regional Medical Partners.  The types of PHI involved in the breach included patients' names, addresses, dates of birth, Social Security numbers, claims information, and patients' chart information. Approximately 3,000 individuals were affected."

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Information Source:
Government Agency
Date Made Public:
February 26, 2016
Company: University California Berkeley
Location: Berkeley, California
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
80,000

"Campus officials are alerting nearly 80,000 current and former faculty, staff, students and vendors about a criminal cyber security breach on a campus system, making vulnerable thousands of Social Security or bank account numbers.

The data breach occurred Dec. 28 to a portion of Berkeley Financial System, or BFS, a software used by the campus for financial management.

“We don’t see any evidence that this is the kind of attacker that actually did access the data or did anything to take that data from the system,” said campus Chief Information Security Officer Paul Rivers in a phone press conference Friday.

The system that houses BFS is large and complicated, Rivers said, containing numerous machines and various types of software packages. When the campus detected a vulnerability in one of these areas in November, the campus began installing and testing a security fix — known as a patch — which can take weeks, Rivers said during the press call. During this process, attackers were able to discover a security flaw and gained access to the system.

BFS contains the information of about 50 percent of current students and 65 percent of active employees. Affected individuals largely include students, faculty and staff who received payments from the campus, mainly through electronic fund transfers. Those who received paper payments, however, may have also been affected.

A private computer investigation firm was retained by the campus to further determine whether personal information was compromised. The campus will send notice letters in the mail with more information about free credit monitoring and insurance to those who were potentially impacted starting Friday.

According to Rivers, this is the third significant breach UC Berkeley has seen in the past five years.

Within a day of the unauthorized intrusion Dec. 28, the campus’s security team had detected and began efforts to contain the attack, according to campus spokesperson Janet Gilmore.

Once campus IT staff identified the unauthorized access, they forensically preserved copies of the system for investigation purposes and took affected servers offline for about two weeks to prevent further access. When the campus shut down BFS and supporting systems, some students received emails in early January notifying them of possible disruptions to financial aid disbursements."

More information: http://www.dailycal.org/2016/02/26/campus-notifies-nearly-80000-students...

Information Source:
Media
Date Made Public:
February 6, 2016
Company: Senior Health Partners
Location: New York, New York
Type of breach:
PORT
Type of organization:
MED
Records Breached:
2,772

Health and Human Services has reported a breach at Senior Health Partners in which a portable device was stolen.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Information Source:
Government Agency
Date Made Public:
February 6, 2016
Company: Ocean Acquisitions, Inc.
Location: Greenwich, Connecticut
Type of breach:
PORT
Type of organization:
BSO
Records Breached:
659

"In December 2015, Oceans Acquisitions, Inc. began notifying patients in the Abilene area about a possible data security breach that may have resulted in exposure of a limited amount of protected health information (PHI). The potential exposure occurred when a laptop was stolen from an employee’s car. The laptop stored emails that potentially contained PHI such as names, dates of birth, medical record numbers, diagnoses, payer information and admission dates. No patient social security numbers or bank account information was included in the emails. Upon learning PHI may have been present on the device, Oceans immediately took steps to identify the individuals with the potential to be impacted."

Information Source:
Databreaches.net
Date Made Public:
January 15, 2016
Company: Virginia Department of Human Resources Management
Location: Richmond, Virginia
Type of breach:
DISC
Type of organization:
GOV
Records Breached:
0

The Department of Human Resources was notified by a third party that employee information had been accidentally disclosed on its website through improper redaction of documents.

The information exposed included Social Security numbers and salary.

More information: http://www.databreaches.net/improper-redaction-exposed-virginia-employee...

Information Source:
Databreaches.net
Date Made Public:
January 7, 2016
Company: Aspire Indiana Inc.
Location: Lebanon, Indiana
Type of breach:
PORT
Type of organization:
MED
Records Breached:
43,890

According to Health and Human Services, Aspire Indiana Inc. suffered a data breach when a laptop was stolen from their facility. They did not report what specific personal information was on the laptop.

More information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Information Source:
Government Agency
Date Made Public:
January 4, 2016
Company: Regional Income Tax Agency
Location: Brecksville, Ohio
Type of breach:
PORT
Type of organization:
GOV
Records Breached:
50,000

The Regional Income Tax Agency notified individuals that it lost personal data when a DVD that contained copies of income tax documents went missing.

"The agency stored DVDs off-site at a third party vendor's facility. The missing DVD was discovered when RITA recalled some DVDs to destroy them. The agency has moved to a new more secure backup system, making the DVDs obsolete, according to the agency."

More information: http://www.cleveland.com/metro/index.ssf/2016/01/rita_loses_personal_inf...

Information Source:
Media
Date Made Public:
December 31, 2015
Company: Hillsides
Location: Los Angeles, California
Type of breach:
DISC
Type of organization:
MED
Records Breached:
0

Hillsides is notifying individuals of a data breach in which an employee sent internal files that included personal information on both employees and patients of the organization.

The information included names, hiring dates, job titles, division descriptions, Social Security numbers, home addresses, zip codes and home phone numbers. In some instances the emails also included therapists' names, Integrated System numbers, start dates for services, outcome dates, parent partner names, names of rehabilitation specialists, rehab clinics, and gender.

For questions, call 1-323-543-2800 between 8:30 am and 4:30 pm, Monday to Friday, or email taikins@hillsides.org.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59475

Information Source:
Date Made Public:
December 31, 2015
Company: Point Breeze Credit Union
Location: Hunt Valley, Maryland
Type of breach:
DISC
Type of organization:
BSF
Records Breached:
389

Point Breeze Credit Union notified customers of a data breach when an error in processing the December 2015 credit card statement inadvertently disclosed customer information.

The information compromised included names, mailing addresses and membership numbers.

More Information: https://www.oag.state.md.us/idtheft/Breach%20Notices/2015/itu-262311%20(1).pdf

Information Source:
Maryland Attorney General
Date Made Public:
December 31, 2015
Company: Pittman Family Dental
Location: , Ohio
Type of breach:
HACK
Type of organization:
MED
Records Breached:
8,830

An unauthorized third-party accessed protected health information (PHI), according to the forensic firm that the covered entity (CE), Pittman Family Dental, retained to investigate abnormal activity on its computer server. Approximately 8,830 individuals were affected by the breach. The server included full names, social security numbers (of 5,007 individuals), driver’s license numbers, dates of birth, home addresses, treatment notes, and insurance information. The CE provided breach notification to HHS, affected individuals, and the media. To prevent a similar breach from happening in the future, the CE scrubbed and reinstalled its server, installed an anti-virus/malware solution, and contracted with a company to provide an updated risk analysis and additional training. OCR obtained written assurances that the CE implemented the corrective actions listed above.

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 30, 2015
Company: Hillsides
Location: , California
Type of breach:
DISC
Type of organization:
MED
Records Breached:
502

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 30, 2015
Company: St. Luke's Cornwall Hospital
Location: , New York
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
29,156

Location of breached information: Other Portable Electronic Device

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 28, 2015
Company: Oregon Department of Veterans Affairs
Location: Portland, Oregon
Type of breach:
DISC
Type of organization:
GOV
Records Breached:
967

The Oregon Department of Veterans Affairs notified patients of a data breach when they found discharge and release papers with an unauthorized individual.

The information compromised included names, addresses, Social Security numbers and dates of birth.

More information: http://ijpr.org/post/personal-info-hundreds-oregon-veterans-compromised#...

Information Source:
Media
Date Made Public:
December 28, 2015
Company: Michael Benjamin, M.D. Inc.
Location: West Hills, California
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,300

As reported by Health and Human Services: theft, paper/films. Health and Human Services provided no specific information as to what was contained in the emails.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Information Source:
Government Agency
Date Made Public:
December 28, 2015
Company: Flewelling & Mitton PC
Location: Louisville, Colorado
Type of breach:
PHYS
Type of organization:
BSF
Records Breached:
0

Flewelling & Mitton PC notified individuals of a data breach when their offices were broken into the morning of December 11, 2015. The individual broke the locks on several file cabinets that contained customer information.

The information compromised included names and Social Security numbers. They stated that the only thing stolen was petty cash.

More Information: https://www.oag.state.md.us/idtheft/Breach%20Notices/2015/itu-262309.pdf

Information Source:
Maryland Attorney General
Date Made Public:
December 28, 2015
Company: Michael Benjamin, M.D., Inc.
Location: , California
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,300

The covered entity (CE), Michael Benjamin, M.D., Inc., reported that the office and file cabinets were broken into and patient charts containing protected health information (PHI) were taken. The types of PHI involved in the breach included demographic information, recorded vital signs, insurance eligibility information, and some copies of insurance cards and driver’s licenses or identification. Although 1,300 patient charts were in the cabinet, only 100 were actually taken, and 30 of the 100 were recovered from law enforcement. The CE provided breach notification to affected individuals, HHS, and the media. Following the break-in, the CE implemented more robust HIPAA policies and procedures. The CE improved safeguards by reinforcing the physical security of its office. OCR obtained assurances that the CE implemented the corrective actions noted above.

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 27, 2015
Company: University of Connecticut
Location: Storrs, Connecticut
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
0

The University of Connecticut has notified individuals of a breach when malware was found on their website "prompting visitors to download a malicious program posing as Adobe Flash Player, according to a university spokesman."

More information: http://dailycampus.com/stories/uconn-website-compromised-malicious-program

Information Source:
Media
Date Made Public:
December 27, 2015
Company: Quincy Credit Union
Location: Boston, Massachusetts
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
670

Quincy Credit Union was a target of malware that allowed hackers to gain access to customers' bank accounts when skimmers were found on ATM machines.

"Quincy Credit Union president Stewart Steele told WBZ-TV an estimated 670 accounts were impacted. Steele said he believes skimmers may have been placed on the ATM machines. It’s unclear how much money was taken."

More information: http://boston.cbslocal.com/2015/12/27/quincy-credit-union-restricts-atm-...

 

Information Source:
Media
Date Made Public:
December 24, 2015
Company: HealthSouth Rehabilitation Hospital of Round Rock
Location: Round Rock, Texas
Type of breach:
PORT
Type of organization:
MED
Records Breached:
1,359

As reported by Health and Human Services: theft, laptop. Health and Human Services provided no specific information as to what information was compromised.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Information Source:
Government Agency
Date Made Public:
December 24, 2015
Company: HDIS, Inc.
Location: Olivette, Missouri
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
0

"On behalf of our client, HDIS, Inc. (the "Company"), a supplier of incontinence related products, we write to advise you of an incident involving the unauthorized introduction of malware onto the shopping cart program used on the Company's website, www.hdis.com. This malware resulted in the possible compromise of personal information of Company customers residing in Maryland. Based upon the Company's investigation, the malware was present from November 27, 2015 to November 30, 2015 and potentially exposed certain personal information of seven residents that was inputted by those customers during the online "checkout" process. The personal information that was potentially affected by the incident includes: customer name, address, credit or debit card number, payment card expiration date and the card's CVV security number. The Company does not collect customers' social security or driver's license numbers during the online checkout process and that data was in no way affected by the incident."

More Information: https://www.oag.state.md.us/idtheft/Breach%20Notices/2015/itu-262307.pdf

Information Source:
Maryland Attorney General
Date Made Public:
December 24, 2015
Company: SAS Safety Corporation
Location: Long Beach, California
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
0

"On behalf of our client, SAS Safety Corporation (the "Company"), we write to advise you of an incident involving the unauthorized introduction of malware onto the Company's website, www.sassafety.com. This malware resulted in the possible compromise of personal information of Company customers residing in Maryland. Based upon the Company's investigation, the malware was present from September 23, 2015 to December 8, 2013 and potentially exposed certain personal information of three residents that was inputted by those customers. The personal information that was potentially affected by the incident includes: customer name, address, credit or debit card number, payment card expiration date and the card's CVV security number. Additionally, the customer's logon identification and password for the website may have been affected. The Company does not collect customers' social security or driver's license numbers and that data was in no way affected by the incident."

More Information: https://www.oag.state.md.us/idtheft/Breach%20Notices/2015/itu-262306.pdf

Information Source:
Maryland Attorney General
Date Made Public:
December 24, 2015
Company: Livestream
Location: New York, New York
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
0

"Live video streaming platform Livestream has discovered that an unauthorised person may have accessed its customer accounts database.

The database holds information such as a user's name, email address, an encrypted version of their password, as well as phone numbers and the customer's date of birth."

Information Source:
Media
Date Made Public:
December 24, 2015
Company: HealthSouth Rehabilitation Hospital of Round Rock
Location: , Texas
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,359

The CE reported that an employee’s unencrypted laptop computer was stolen from a vehicle. The CE determined that the laptop, which was password-protected, potentially included local copies of e-mails containing individuals’ names, addresses, dates of birth, social security numbers, phone numbers, insurance numbers, diagnoses, referral identification numbers or medical record numbers. The CE provided breach notification to HHS, affected individuals, and the media. At the time of the incident, the CE was in the process of acquiring another facility and encrypting laptops owned by the facility. In response to the breach, the CE took additional steps to locate and secure any other remaining laptops owned by the facility it was acquiring. Further, the CE implemented additional technical safeguards to prevent similar breaches and sanctioned the involved workforce member. OCR obtained assurances that the CE implemented the corrective actions listed above.

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 23, 2015
Company: Acclaim Technical Services
Location: Huntington Beach, California
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
0

Acclaim Technical Services has notified individuals of a data breach in which its system was hacked, compromising personal information of individuals who had a background check done with the company.

The information compromised included names, Social Security numbers, addresses, dates and places of birth, residency, educational and employment history, personal foreign travel history, information about immediate family, as well as business and other personal information contained in a background check.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59396

Information Source:
California Attorney General
Date Made Public:
December 23, 2015
Company: Matson Navigation Company (Horizon Lines)
Location: Phoenix, Arizona
Type of breach:
PORT
Type of organization:
BSO
Records Breached:
0

Horizon Lines has notified mariners who served on vessels operated by Horizon Lines that a device containing their personal information has been identified as missing.

The device was first identified as potentially missing on or about December 7, 2015 and appears to have been lost between November 9 and December 7, 2015. 

The device contained individualized information of mariners who have served aboard vessels operated by Horizon Lines since the year 2000. The information compromised included names, birth dates, addresses, telephone numbers, emergency contact information, Social Security numbers, and in some cases bank account and routing numbers, photocopies of passports, Transportation Worker Identification Credentials (TWIC), Merchant Mariner Documents (MMD) and Merchant Mariner Credentials (MMC), and copies of specific medical documents.

The company is offering AllClear ID for up to 12 months at no cost. For those affected call 1-855-711-5990.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59399

 

Information Source:
California Attorney General
Date Made Public:
December 23, 2015
Company: ST Psychotherapy, LLC
Location: Oshkosh, Wisconsin
Type of breach:
PORT
Type of organization:
MED
Records Breached:
509

As reported by Health and Human Services: theft, laptop. Health and Human Services provided no specific information as to what information was compromised.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Information Source:
Government Agency
Date Made Public:
December 23, 2015
Company: Allina Health
Location: Minneapolis, Minnesota
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
6,195

As reported by Health and Human Services: improper disposal, paper/films. Health and Human Services provided no specific information as to what information was compromised.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Information Source:
Government Agency
Date Made Public:
December 23, 2015
Company: White Glove Health
Location: Austin, Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
975

As reported by Health and Human Services: unauthorized access/disclosure, email. Health and Human Services provided no specific information as to what information was compromised.

More Information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Information Source:
Government Agency
Date Made Public:
December 23, 2015
Company: Farm to Feet
Location: Mount Airy, North Carolina
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
0

"On November 18, 2015, Farm to Feet discovered information collected during the checkout page of its farmtofeet.com e-commerce site may have been subject to unauthorized acquisition.  Upon discovery, Farm to Feet immediately began to investigate this issue.  Third-party computer forensic experts were retained to assist with the investigation and to determine the impact on the security of Farm to Feet's system.  During this investigation, Farm to Feet confirmed this incident compromised the security of certain information used to make a purchase on the farmtofeet.com website between August 3, 2015 and November 18, 2015.  For customers who made purchases during this time period, Farm to Feet has determined this incident may have compromised the security of the customer's name, address, email address, credit card number, credit card expiration date and CVV2 data."

More Information: https://www.oag.state.md.us/idtheft/Breach%20Notices/2015/itu-262305.pdf

Information Source:
Maryland Attorney General
Date Made Public:
December 23, 2015
Company: WhiteGlove Health
Location: , Texas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
975

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 23, 2015
Company: Allina Health
Location: , Minnesota
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
6,195

On October 27, 2015, the covered entity (CE), Allina Health, discovered that its janitorial vendor erroneously placed its patients’ protected health information (PHI) in the trash dumpster. The breach affected 6,195 individuals and the types of PHI involved included financial, demographic, and clinical information. The CE provided notification of the breach to HHS, affected individuals, and the media and also posted substitute notice on its website. Following the breach, the CE investigated the breach, updated its physical safeguards policy, and educated its workforce on its updated policy. OCR obtained a copy of the CE’s business associate agreement with Iron Mountain for PHI disposal services. OCR obtained documented assurances that the CE implemented the corrective actions taken in response to this breach incident.

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 23, 2015
Company: ST Psychotherapy, LLC
Location: , Wisconsin
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
509

The covered entity (CE), ST Psychotherapy, LLC, was burglarized sometime between October 21, 2015 and October 23, 2015, and a laptop computer containing the electronic protected health information (ePHI) of approximately 509 individuals was stolen. The laptop computer contained patients’ names, driver’s license numbers, dates of birth, social security numbers, clinical, and demographic information. The CE provided breach notification to HHS, affected individuals, and the media, and also filed a police report. To prevent similar breaches from happening in the future, the CE changed the locks on its office. The CE also encrypted the laptop that replaced the stolen one and completed training on safeguarding PHI and the uses and disclosures of PHI. OCR obtained written assurances that the CE implemented the corrective actions noted above.

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
December 22, 2015
Company: Dungarees
Location: Columbia, Missouri
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
0

Dungarees has notified individuals of a data breach when they discovered their online store was hacked.

The hacking may have compromised both debit and credit card numbers. It may have compromised customer names, billing information, mailing information, email addresses, credit and debit card information, the expiration date, and the CVV on the back of the card.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59371

Information Source:
California Attorney General
Date Made Public:
December 22, 2015
Company: HealthSouth Rehabilitation Hospital
Location: Round Rock, Texas
Type of breach:
PORT
Type of organization:
MED
Records Breached:
1,359

HealthSouth Rehabilitation Hospital of Round Rock put out a notification on their site regarding a data breach after a laptop was stolen.

"HealthSouth Rehabilitation Hospital of Round Rock, previously Reliant Rehabilitation Hospital Central Texas, is currently notifying potentially affected individuals that a laptop containing unsecured protected health information was stolen from the trunk of an employee’s vehicle on or around Oct. 21, 2015. The information on the laptop varied by individual but may have included an individual’s name, address, date of birth, Social Security number, phone number, insurance number, diagnosis, referral ID number or medical record number. At this time, the hospital is working to notify the 1,359 potentially affected individuals via letter."

More information: http://www.healthsouthroundrock.com/en/news-listing/2015-data-breach#sth...

Information Source:
Security Breach Letter
Date Made Public:
December 22, 2015
Company: Thomas Nelson Community College
Location: Hampton, Virginia
Type of breach:
DISC
Type of organization:
EDU
Records Breached:
0

Thomas Nelson Community College notified students of a data breach when their personal information was inadvertently sent to 11 current nursing students.

"We learned on December 9, 2015, that on December 8, 2015, your confidential student information to include name, address, phone number, social security number, student identification number, date of birth, immunization dates, background check results (no offenses listed), grades, and student progress indicators were emailed to eleven current nursing students.  Each of the email recipients has been contacted and directed to permanently delete this information. 

While there is no indication that your information has been misused in any way, as a precautionary measure, we are offering a complimentary one-year membership to Experian’s® ProtectMyID®."

More information: http://ago.vermont.gov/assets/files/Consumer/Security_Breach/Thomas%20Ne...

Information Source:
Vermont Attorney General
Date Made Public:
December 22, 2015
Company: Alliance Health
Location: South Jordan, Utah
Type of breach:
DISC
Type of organization:
MED
Records Breached:
0

Alliance Health has put up a notification on their site regarding a data breach that potentially exposed their customers' personal health information.

"Alliance Health had a configuration error in its MongoDB Database installation. The leak was reported to DataBreaches.net by Chris Vickery, who has uncovered other leaks including the Systema Software leak affecting numerous clients and millions of insurance or workers compensation claims."

Databreaches.net notified the company of the breach.

More information: http://www.databreaches.net/misconfigured-database-may-have-exposed-1-5-...

Company notification: https://www.alliancehealth.com/news/statement-regarding-data-security/

Information Source:
Databreaches.net
Date Made Public:
December 22, 2015
Company: Crescent Hotels & Resorts
Location: Fairfax, Virginia
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
0

Individuals were notified of a data breach on November 12, 2015 at the Holiday Inn Frederick, Frederick, Maryland, when names and credit card account numbers of guests of the hotel were exposed to theft. The hotel does not say specifically how the information was stolen.

More Information: https://www.oag.state.md.us/idtheft/Breach%20Notices/2015/itu-262351.pdf

Information Source:
Maryland Attorney General
Date Made Public:
December 22, 2015
Company: Oceans Acquisition, Inc.
Location: , Texas
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
659

A laptop computer from the covered entity (CE), Oceans Acquisition, Inc., was stolen from a workforce member’s vehicle. The electronic protected health information (ePHI) on the laptop included patients' first and last names, diagnoses, dates of treatment, dates of birth, insurance providers, and medical record numbers for approximately 659 individuals. Upon discovering the theft, the CE filed a report with the county sheriff's office. Additionally, the CE provided breach notification to HHS, affected individuals, and the media. The CE also improved safeguards, sanctioned the involved workforce member, and retrained staff. OCR obtained assurances that the CE implemented the corrective actions listed above.

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services