An accounting firm used by the Saint Barnabas Health Care System and its affiliated hospitals in New Jersey has reportedly lost an unencrypted flash drive that may have contained some patients’ names as well as information about their health care. In a notice on their web site, the hospital states that the flash drive lost…
Month: September 2010
Second SunBridge Healthcare Corp data breach in as many months
SunBridge Healthcare Corporation has experienced another theft involving protected health information. On August 25, the company posted a press release to its site indicating that a BlackBerry containing unencrypted information about current and former residents and patients from eight Georgia nursing and rehabilitation centers was stolen from an employee’s desk on June 26, 2010. The…
Another data breach involving NYU School of Medicine?
The NYU School of Medicine Aging and Dementia Clinical Research Center informed HHS last week about a data breach that reportedly occurred on or about April 3 when a portable electronic device containing protected health information on 1,200 patients was lost. I cannot find any information on their site about this incident at this time…
‘Padding Oracle’ Crypto Attack Affects Millions of ASP.NET Apps
Dennis Fisher writes: A pair of security researchers have implemented an attack that exploits the way that ASP.NET Web applications handle encrypted session cookies, a weakness that could enable an attacker to hijack users’ online banking sessions and cause other severe problems in vulnerable applications. Experts say that the bug, which will be discussed in…
GAO Finds Agencies Lax On Data Protection
Elizabeth Montalbano reports: Some federal agencies that deal with highly sensitive data are not adequately protecting it from contract workers, a new Government Accountability Office (GAO) report found. The Departments of Defense (DoD), Homeland Security (DHS), and Health and Human Services (HHS) have some guidance and contract provisions in place for what data contractors can…
GAO: Stronger Safeguards Needed for Contractor Access to Sensitive Information
Elizabeth Montalbano reports: Some federal agencies that deal with highly sensitive data are not adequately protecting it from contract workers, a new Government Accountability Office (GAO) report found. The Departments of Defense (DoD), Homeland Security (DHS), and Health and Human Services (HHS) have some guidance and contract provisions in place for what data contractors can…