Security - Channel Insider

Top Security Breaches Caused by Technology Partners

By Ericka Chickowski on 2012-01-03



While consultants, software vendors and business outsourcing providers generally help their customers solve IT issues, they can very often be the source of problems, too. And the biggest nightmare may be a security breach that exposes the firm and its customers. Here's a look at eight such breaches that happened in 2011, prime examples of how partners' negligence can end up causing costly and embarrassing breaches of customer data.

Breached Organization: Lawrence Memorial Hospital
Third-Party Involved: Blue Sky Credit, BrickWire LLC
Data Lost: Names, personal information, health care provider information, credit card numbers and checking account information for 10,000 patients
The Situation: A third-party burn of two degrees, Lawrence Memorial Hospital was left responsible for a breach of patient financial information after its credit vendor's website hosting company left a web portal open to public access that was tied to a database containing patient information.

Breached Organization: Securities and Exchange Commission (SEC)
Third-Party Involved: Financial Tracking Technologies (FTT)
Data Lost: Stock trading and financial information for 4,000 SEC employees
The Situation: Hired to manage an internal software program that tracks SEC employee trading information for ethical violations, FTT stepped into its own ethical trouble when it was discovered that it shared information in the system with other third-party companies without SEC approval.

Breached Organization: Tricare
Third-Party Involved: Science Applications International Corporation (SAIC)
Data Lost: Protected health information for over 5.1 million patients of military hospitals and clinics
The Situation: SAIC left Tricare with a lot of explaining to do after one of its employees left backup tapes containing millions of service members' health information in a car and the tapes were subsequently stolen.

Breached Organization: Department of Veterans Affairs (VA)
Third-Party Involved: Unnamed hardware and proprietary software vendor
Data Lost: Exposed Veterans Health Information System and Technology Architecture Systems,
The Situation: The unnamed IT vendor improperly shared user credentials to access VA networks without security clearance and without following the VA IT security protocol.

Breached Organization: Beth Israel Deaconess Medical Center
Third-Party Involved: Unnamed PC service vendor
Data Lost: Medical records, names and dates of birth for over 2,000 patients
The Situation: After completing routine maintenance, a sloppy PC service vendor failed to restore security controls on a desktop that it worked on. As a result, a worm infected the machine and began to exfiltrate encrypted data files to a hacker's remote location.

Breached Organization: As many as 50 of America's top retail and financial brands
Third-Party Involved: Epsilon
Data Lost: Email addresses and names of millions of consumers
The Situation: Email marketing contractor Epsilon never really did spill exactly how many email addresses were stolen or how it was done, but speculation has it that a spearphishing attack helped hackers gain access to databases containing customer information from big brands such as JPMorgan Chase, Kroger and Tivo.

Breached Organization: Ingenix Healthcare Providers
Third-Party Involved: Ingenix
Data Lost: Social Security Numbers of healthcare providers using this analytics software vendor's services
The Situation: A health care information sharing network, Ingenix, exposed at least 142 health care providers in New Hampshire and possibly more nationwide by making their SSNs visible as ID numbers to those searching for providers in the system.

Breached Organization: State of Ohio
Third-Party Involved: Affiliated Computer Services (ACS)
Data Lost: Social Security Numbers for up to 8,000 child care providers in Ohio
The Situation: As the outsourced vendor of the automated system for payment and tracking of child care providers in Ohio, ACS made the decidedly low-tech mistake of sending out a mailing to all of the providers that had their SSNs visible from outside of the envelope.
