About 14,000 People Affected by Klaussner Furniture Industries and Vetern Health Administration Breaches

by

A security breach on Klaussner Furniture Industries, Inc resulted to the exposure of the protected health information (PHI) of its 9,352 present and past employees as well as a number of the employees’ dependents.

Klaussner Furniture discovered that unauthorized individuals accessed its computers in February 2019. A top rated cybersecurity company helped carry out a forensic investigation, which verified that an unauthorized third party accessed two computers. The files in the computers contained information such as first and last names, birth dates, addresses, health benefit election(s), certain health data and Social Security numbers. No evidence was uncovered that indicates the access, copying or misuse of employee data. But it is not 100% certain that no data was access or exfiltrated.

The employees whose data were compromised worked in Klaussner Furniture in 1998 or some time from 2004 to February 25, 2019. The sensitive data of the employees’ dependents were only exposed because their names were included on employees’ health benefit elections from 2004 to 2019. All these people affected by the breach received free offers of identity protection and monitoring services for 12 months.

Klaussner Furniture has taken steps to improve data security by rebuilding affected systems, and implementing more security procedures that would stop further unauthorized access. Steps are also being explored to protect employee records.

Another security breach at Veteran Health Administration involved the impermissible disclosure of 4,882 Patients’ PHI. The Veteran Health Administration (VHA) found a mailing app error resulting to the inclusion of PHI of patients in letters delivered to other patients. VHA used a Xerox software-powered application to send the letters containing PHI to patients. The app extracts relevant information from electronic medical records to be included in mailings.

An error was found in some patients imaging and lab test results. Some letters had the appointment schedules of other patients printed on them. In every case, there was disclosure of PHI to one other patient. The error took place on February 13; Veteran Health Administration discovered and remedied it on February 16, 2019. At that time, 4,882 patients were mailed notification letters. The breach affected patients who had obtained medical services at Martinsburg VA Medical Center located in West Virginia in the past.

All persons affected by the breach have already been informed. The VHA is presently going over quality control procedures and will implement needed updates to stop further disclosure of PHI.