DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Finjan finds patient data on hackers' server

Posted on May 6, 2008 by Dissent

In its latest Malicious Page of the Month Report [pdf], Finjan, Inc. reports that it discovered

… a server controlled by hackers (Crimeserver) containing more than 1.4 Gigabyte of business and personal data stolen from infected PCs. The data consisted of 5,388 unique log files. Both email communications and web-related data were among them.

The compromised data came from all around the world and contained information from individuals, businesses, as well as renowned organizations, including healthcare providers.

Within the report, Finjan provides examples of compromised patient data:

The examples below show the open and easy access to the medical and personal data of patients, as well as email correspondence between physicians and healthcare providers and patients as was found on the hacker’s server (Crimeserver). To protect the privacy of parties involved, we filtered out and changed the shown data to ensure anonymity. Below is an example of a log containing a patient’s medical record and history that was stolen from his/her physician’s infected PC:

http://…../de…nts/…/MedicalRecordReview/
“Diagnosis=Admitted for IV abx 2nd spinal rod infection. Hx of SMA, wheelchair bound, on bipap c back up rate. ESR increased. Ctx neg. Not getting meds at home. Will need 42 days abx…. low grade fever 2 days ago.”

The next example shows part of a stolen email communication:

“…Attached you will find our personnel file. Please fill it out in its entirety and return via email….These forms are kept confidential and locked up”

The Crimeserver logs contained all kinds of patient information, including personal data, health data, treatment, medications, insurance details, Social Security Numbers, and healthcare providers’ data, including physician’s name.

Due to the fact that the data in this example were HIPAA related, we informed the FBI to take appropriate action.

Category: Health Data

Post navigation

← Canada: Fax had personal information
Anti-Discrimination Bill Inadvertently Legalizes Sharing of Genetic Information Without Patient Consent →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them
  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware
  • Developments surrounding data breach at Dutch police
  • Estonia launches international search for Moroccan citizen wanted over data theft
  • Now it’s Tiffany: Another LVMH luxury brand hit by hackers
  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report