International SOS is notifying travelers of a data security breach. “On August 28, 2013, it was confirmed that some of our data files containing personal information were potentially unlawfully accessed. The data accessed includes a limited amount of personal information. This may have included your name, passport number, and in a limited number of cases,…
Month: October 2013
The Michigan State University Police Department is investigating an attempted theft of employee direct-deposit payroll earnings
eSecurity Planet just made me aware of a breach disclosed earlier this week: Posted by the Michigan State University Police on October 20: On Friday, October 18, two employees reported receiving email confirmation of a change in their direct-deposit designation. Police say that valid credentials (MSU NetID and password) were used by a perpetrator to…
Rep. Joe Barton's stunning ignorance about HIPAA and healthcare.gov
During a Congressional hearing yesterday, Rep. Joe Barton questioned a panel of contractors about commented-out source code in healthcare.gov that tells site users that they have no reasonable expectation of privacy in using the site. Seemingly basing his questioning on this report on The Weekly Standard, Rep. Barton stated that the hidden (commented-out) code was…
Hackers compromise official PHP website, infect visitors with malware (updated)
Dan Goodin reports: Maintainers of the open-source PHP programming language have locked down the php.net website after discovering two of its servers were hacked to host malicious code designed to surreptitiously install malware on visitors’ computers. The compromise was discovered Thursday morning by Google’s safe browsing service, which helps the Chrome, Firefox, and Safari browsers automatically…
Ca: AHS cited for privacy breach after devastating Shaw fire
I’ve occasionally noted the problems that may arise following a natural disaster. Here’s a case where a health service did its best to ensure patient care following a massive outage due to fire. Although they had a plan in place, the commissioner’s investigation found that the plan was not sufficiently comprehensive, was not understood by…
UK: ICO follow-up on Burnett Practice undertaking
In April, I noted that the Burnett Practice had signed an undertaking with the Information Commissioner’s Office (ICO) after an email account they used to notify patients of upcoming appointments was hacked. Today, the ICO posted a summary of their follow-up to ensure that the practice complied with the undertaking. Given that the follow-up actions by…