Tina Terry reports that a Channel 9 News investigation resulted in crews removing dozens of boxes of patient records from an abandoned Statesville hospital, the old Davis Hospital. Now wait for it: the records were abandoned more than 30 years ago. But according to Davis Hospital, back then, “the hospital was operated by an unrelated organization.” Read…
Month: April 2015
Out of prison and off the Internet
Remember Higinio Ochoa (“w0rmer” or @Anonwormer) of Cabin Cr3w? This site had reported on some of their hacking activities back in the day. “Back in the day” meaning before Ochoa was arrested and went to prison. Alex Goldman has a story on Digg about Ochoa’s life as an offline programmer following his release from prison. You young…
Oh, those old files left lying around on your server, Saturday edition
It turned out to be no huge deal (thankfully), but after an announcement on Twitter by @Compl3x1ty of a login dump involving a medical group’s site, DataBreaches.net attempted to contact the Lutheran Health Network to alert them that data from the St. Joseph Medical Group had been accessed and dumped. The data dump indicated that an SQL injection had…
Data Security Act Introduced in New York State Assembly
On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. Read more on Hunton & Williams Privacy & Information Security Law Blog. So far, there does not appear to be any companion or mirror bill…
Medical pot users try class action after Health Canada privacy breach
Sherri Borden Colley reports the latest development in a lawsuit filed after an administrative error resulted in “outing” 40,000 medical marijuana users: Lawyers will go before a Federal Court judge in Halifax in June to ask the court to certify a proposed class action on behalf of 40,000 medical marijuana users whose privacy was breached by…
Seton Family Health notifying 39,000 patients after employee falls for phish; Second Ascension Health member to report breach this week (Update2)
Is Ascension Health being targeted by attackers successfully acquiring employee e-mail account logins via phishing? (Update 2: It seems they are. See this post after reading the one below.) Zach Lozano reports that Seton Family of Hospitals will provide free identity monitoring and protection services for patients who had their personal information leaked in a phishing…