DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update to Edgepark Medical Supplies breach (also updated to include Maryland)

Posted on January 17, 2014 by Dissent

Edgepark Medical Supplies has notified the New Hampshire Attorney General’s Office of a breach reported earlier this month to Vermont’s Attorney General. Their earlier report explained how malware inserted in their system went undetected until December 2013 when Symantec recognized it as malware and added it to their database/product.

Edgepark’s more recent report adds additional details about the incident, including that the hackers exploited a vulnerability in ColdFusion to insert the malware, and that

the malware intercepted online account usernames and passwords and stored them in a file on our website, which was accessed and downloaded by the Hackers between March 9 and March 11, 2013. The file was not accessed after March 11, 2013.

You can read their notification to the state and to 26 New Hampshire residents here.

As most security professionals realize, there is simply no one anti-virus software that will catch everything, and relying on any one product is risky.

Update: 101 residents of Maryland were also affected by the breach.

Category: Health Data

Post navigation

← Missouri Tax Preparer Indicted On Fraud Charges
Arrest made in theft of Inspira Medical Center Vineland computer, but what was on it? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Major trial underway for data leak that left 72,000 victims in France
  • Anubis: A Closer Look at an Emerging Ransomware with Built-in Wiper
  • HealthEC Agrees to $5.48 Million Settlement to End Data Breach Lawsuit
  • US offering $10 million for info on Iranian hackers behind IOControl malware
  • Sompo Japan Insurance submits improvement plan after info leakage
  • Moreno Valley, Calif., Schools Report Data Breach
  • The Growing Cyber Risks from AI — and How Organizations Can Fight Back
  • Credit Control Corporation data allegedly from 9.1 million consumers listed for sale on forum
  • Copilot AI Bug Could Leak Sensitive Data via Email Prompts
  • FTC Provides Guidance on Updated Safeguards Rule

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Your household smart products must respect your privacy – including your air fryer
  • Vermont signs Kids Code into law, faces legal challenges
  • Data Categories and Surveillance Pricing: Ferguson’s Nuanced Approach to Privacy Innovation
  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?
  • New York passes a bill to prevent AI-fueled disasters
  • Synthetic Data and the Illusion of Privacy: Legal Risks of Using De-Identified AI Training Sets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.