Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: 2018
Company or Organization: all
Date Made Public:
March 12, 2018
Company: Barnes-Jewish Hospital
Location: , Missouri
Type of breach:
DISC
Type of organization:
MED
Records Breached:
18,436

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
March 9, 2018
Company: The Arc of Erie County
Location: , New York
Type of breach:
DISC
Type of organization:
MED
Records Breached:
3,751

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
March 9, 2018
Company: inSite Digestive Health Care
Location: , California
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,424

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
March 8, 2018
Company: Kansas Department for Aging and Disability Services (KDADS)
Location: , Kansas
Type of breach:
HACK
Type of organization:
GOV
Records Breached:
11,000

The Kansas Department for Aging and Disability Services (KDADS) has begun to notify individual consumers about a recent incident in which personal or protected health information was disseminated to a specific group of KDADS business associates.

On February 23, 2018, KDADS became aware of a potential breach of personal or protected health information after an employee sent an unauthorized email containing personal or protected health information to a group of current KDADS business associates. . . 

The email contained an attachment which included consumer names, addresses, dates of birth, Social Security numbers, gender, in-home services program participation information and Medicaid identification numbers. No banking, credit card or driver license information was included.

All involved consumers identified by KDADS will be sent an individual letter explaining the situation. Please check the KDADS website at http://www.kdads.ks.gov for any additional information, which will be posted as it becomes available. Consumers and other interested persons may contact KDADS by telephone without incurring charges at 1-800-432-3535. Please leave a message for Kahlea Porter requesting a return call.

Information Source:
Government Agency
Date Made Public:
March 7, 2018
Company: Front Range Dermatology Associates, P.C.
Location: , Colorado
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,070

Location of breached information: Electronic Medical Record, Email, Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
March 7, 2018
Company: John J. Pershing VA Medical Center
Location: , Missouri
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,843

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
March 2, 2018
Company: Trimont Real Estate Advisors
Location: Atlanta, Georgia
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
6

From approximately January 30, 2018, through February 6, 2018, an unknown person, without authorization, had access to the business email account of a Trimont employee. Trimont first learned that the account was potentially compromised on February 6, 2018, and immediately terminated the intruder's access to the email account and launched an investigation. The investigation has determined that the compromise began with a phishing email sent by the unknown person to the employee on January 30, 2018.

Information Source:
Security Breach Letter
Date Made Public:
March 2, 2018
Company: Novozymes US, Inc.
Location: Davis, California
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
158

On or about December 25, 2017, an unauthorized individual executed an email-based attack and gained access to certain emails from a Novozymes employee's email account. Some of the email potentially accessed included the personal information of North Carolina residents. Novozymes discovered the breach on January 11, 2018 and took immediate action to prevent further unauthorized access. Novozymes also promptly investigated the issue, engaged outside counsel, and is notifying affected individuals and offering them consumer protection services. Novozymes is reviewing its policies and procedures and evaluating additional safeguards to help prevent this type of incident in the future.

Breached records include Account #, Driver's License, Passport, SSN.

Information Source:
Security Breach Letter
Date Made Public:
March 1, 2018
Company: Florida Agency Persons for Disabilities
Location: , Florida
Type of breach:
HACK
Type of organization:
MED
Records Breached:
63,627

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
March 1, 2018
Company: Esther V. Rettig, M.D., P.A.
Location: , Kansas
Type of breach:
HACK
Type of organization:
MED
Records Breached:
13,500

Location of breached information: Desktop Computer, Electronic Medical Record, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 28, 2018
Company: Memorial Hospital at Gulfport
Location: , Mississippi
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,512

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 28, 2018
Company: St. Peter's Ambulatory Surgery Center LLC - d/b/a St. Peter's Surgery & Endoscopy Center
Location: , New York
Type of breach:
HACK
Type of organization:
MED
Records Breached:
134,512

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 28, 2018
Company: Union Lake Supermarket, LLC
Location: , New Jersey
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
9,956

Location of breached information: Other Portable Electronic Device

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 27, 2018
Company: FastHealth Corporation
Location: , Alabama
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,345

Location of breached information: Network Server

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
February 27, 2018
Company: Rhode Island Executive Office of Health and Human Services
Location: , Rhode Island
Type of breach:
DISC
Type of organization:
MED
Records Breached:
5,600

Location of breached information: Other

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 27, 2018
Company: Rhode Island Executive Office of Health and Human Services
Location: , Rhode Island
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,100

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 27, 2018
Company: Artesia General Hospital
Location: , New Mexico
Type of breach:
HACK
Type of organization:
MED
Records Breached:
864

Location of breached information: Network Server

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
February 26, 2018
Company: California College of Arts
Location: , California
Type of breach:
PHYS
Type of organization:
EDU
Records Breached:
623

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 26, 2018
Company: Quad/Med, LLC
Location: , Wisconsin
Type of breach:
DISC
Type of organization:
MED
Records Breached:
2,834

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 26, 2018
Company: Center for Sports Medicine and Orthopedics
Location: , Tennessee
Type of breach:
DISC
Type of organization:
MED
Records Breached:
800

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
February 26, 2018
Company: QuadMed, LLC (Hillenbrand)
Location: , Wisconsin
Type of breach:
DISC
Type of organization:
MED
Records Breached:
2,471

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 26, 2018
Company: QuadMed, LLC (Stoughton Trailers)
Location: , Wisconsin
Type of breach:
DISC
Type of organization:
MED
Records Breached:
2,834

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 22, 2018
Company: University of Alaska
Location: Fairbanks, Alaska
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
50

A data breach at the University of Alaska has impacted dozens of current and former employees and students, officials said.. . . The university said the accounts of 50 people were impacted.

Information Source:
Media
Date Made Public:
February 22, 2018
Company: Walmart, Inc.
Location: , Arkansas
Type of breach:
DISC
Type of organization:
MED
Records Breached:
735

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 21, 2018
Company: Missouri Dept. of Mental Health
Location: , Missouri
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,000

Location of breached information: Other

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 21, 2018
Company: University of Virginia Medical Center
Location: , Virginia
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
1,882

Location of breached information: Desktop Computer, Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 21, 2018
Company: ConnectiCare
Location: , Connecticut
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,834

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
February 20, 2018
Company: Riverside Logistics Services
Location: Henrico, Virginia
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
142

On February 5, 2018, personal information for certain employees and former employees may have been accessed without authorization. As soon as Riverside discovered the incident, it reported the matter to the FBI’s Internet Crime Complaint Center and notified the Internal Revenue Service/Criminal Investigation to prevent fraudulent activity.

Information Source:
Security Breach Letter
Date Made Public:
February 20, 2018
Company: OneMain Financial
Location: Baltimore, Maryland
Type of breach:
PHYS
Type of organization:
BSF
Records Breached:
1

The branch received customer files from a branch that closed. A review of the files revealed that one customer file was missing.

Information Source:
Security Breach Letter
Date Made Public:
February 19, 2018
Company: Cascade Health Services, LLC
Location: Seattle, Washington
Type of breach:
INSD
Type of organization:
MED
Records Breached:
700

On January 26, 2018, Cascade Training Center learned that a company employee gained unauthorized access to the company's payroll and payment platform.

Records taken include Account numbers, Drivers license numbers and SSN

Information Source:
Security Breach Letter
Date Made Public:
February 19, 2018
Company: American Neighborhood Mortgage Acceptance Company LLC d/b/a AnnieMac Home Mortgage
Location: Mount Laurel, New Jersey
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
109

"Unauthorized parties accessed certain AnnieMac Home Mortgage employee email accounts through an email phishing scheme. After learning of this incident, AnnieMac Home Mortgage conducted a thorough investigation and determined that the unauthorized parties gained access to the personal information of some of our customers. The personal information that was the subject of the incident was in electronic form."

Records exposed include Account Number and SSN

Information Source:
Security Breach Letter
Date Made Public:
February 16, 2018
Company: Wesley Enhanced Living
Location: Media, Pennsylvania
Type of breach:
DISC
Type of organization:
MED
Records Breached:
300

Wesley Enhanced Living suffered a breach affecting SSN records of 300 record holders. 

Information Source:
Security Breach Letter
Date Made Public:
February 16, 2018
Company: Navistar, Inc.
Location: Lisle, Illinois
Type of breach:
DISC
Type of organization:
BSR
Records Breached:
253

A third-party vendor failed to follow instructed mailing folding protocols. As a result, personal information may have been visible through the envelope window of 1099 mailings, when only a name and address were meant to be seen. Records breached include SSN.

Information Source:
Security Breach Letter
Date Made Public:
February 16, 2018
Company: Marriott International Inc.
Location: Bethesda, Maryland
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
27

Specifically, on February 5, 2018, Mariott discovered that between January 23, 2018 and February 5, 2018, a third party obtained unauthorized access to employee information. A third party successfully posed as a Marriott employee by providing valid employee credentials in order to obtain access to Marriott employee Human Resources accounts. Through  investigation,  have determined that third party had access to the employees' direct deposit information, pay statement and W2 information. Mariott has taken steps to block access to compromised employee accounts and are actively monitoring for fraudulent activity.

Breached records include SSN and Account #.

Information Source:
Security Breach Letter
Date Made Public:
February 16, 2018
Company: Country Mutual Insurance Company
Location: Bloomington, Illinois
Type of breach:
PHYS
Type of organization:
BSF
Records Breached:
1,418

"A large mailing was mailed out by our third party vendor. Three COUNTRY Financial packages containing documents with individual personally identifiable information (PII) failed to be delivered by the United States Postal Service to the servicing COUNTRY Representative. They have also been unable to track the current location of these three packages. One additional package containing the same documents was damaged while in transit with the United States Postal Service. In their attempt to resolve the issue they removed the documents and repackaged them. All documents were received by the COUNTRY Representative."

Records breached include Account Numbers and SSN.

Information Source:
Security Breach Letter
Date Made Public:
February 16, 2018
Company: Jemison Internal Medicine, PC
Location: , Alabama
Type of breach:
HACK
Type of organization:
MED
Records Breached:
6,550

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 16, 2018
Company: Tufts Associated Health Maintenance Organization, Inc.
Location: , Massachusetts
Type of breach:
DISC
Type of organization:
MED
Records Breached:
70,320

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
February 16, 2018
Company: Flexible Benefit Service Corporation
Location: , Illinois
Type of breach:
HACK
Type of organization:
MED
Records Breached:
5,123

Location of breached information: Email

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
February 15, 2018
Company: Balasa Dinverno Foltz LLC
Location: Chicago, Illinois
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
76

On 01/ 24, Aperio, an investment manager that manages certain BDF client assets through its portfolio management platform, informed us that some of our client data was unintentionally compromised.On 01/11, Aperio discovered two Aperio employee email accounts were compromised by a phishing scam that placed an unauthorized auto-forward rule on such accounts. All emails (including emails with sensitive information) sent to such accounts from 08/21/2017 to 01/11/2018 were blind cc'd to two external email addresses.

Information Source:
Security Breach Letter
Date Made Public:
February 15, 2018
Company: Balasa Dinverno Foltz LLC
Location: Chicago, Illinois
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
76

On 01/ 24, Aperio, an investment manager that manages certain BDF client assets through its portfolio management platform, informed us that some of our client data was unintentionally compromised.On 01/11, Aperio discovered two Aperio employee email accounts were compromised by a phishing scam that placed an unauthorized auto-forward rule on such accounts. All emails (including emails with sensitive information) sent to such accounts from 08/21/2017 to 01/11/2018 were blind cc'd to two external email addresses.

Information Source:
Security Breach Letter
CSV