Vidant Health reportedly experienced a data breach earlier this month, affecting employees at its Duplin hospital. Reflector reports that the system released the following statement: “Vidant Health discovered that personal information for Vidant Duplin Hospital employees was subject to unauthorized access by an outside source. The unauthorized access occurred in early February. We notified employees in writing…
Month: February 2016
Des Moines administrator mistakenly publishes student scores
Jason Clayworth reports: The individual test scores of Des Moines elementary students identified as part of a behavioral needs presentation were posted on a personal website by a school administrator, a likely violation of federal law, a state official said Monday. The color-coded data are three years old and highlighted the names of Lovejoy Elementary…
Jacksonville law firm victim of ransomware
Max Marbut reports: You might think the data stored on your computer at home or work is relatively safe from theft or even tampering. You would be wrong. No one knows that better than attorney Thomas Brown of The Brown Firm. […] The culprits left behind a digital message: Give them $2,500 and they would…
FL: Radiology Regional Center Notifies Patients After Paper Records Fell Out of Vendor’s Truck
Radiology Regional Center, PA, a physician-owned and managed diagnostic facility with nine locations in Florida, announced today that on December 19, 2015, Radiology Regional Center was informed by its records disposal vender (sic), Lee County Solid Waste Division (“Lee County”), that, on that same date, paper records containing the personal information of Radiology Regional Center’s…
22,000 dental patients’ info exposed on unsecured Eaglesoft FTP server
Eaglesoft software by Patterson Dental is a popular patient management system. But just as one security researcher had concerns about patient data security in Henry Schein’s Dentrix G5 software, he’s also had concerns about Eaglesoft, albeit for different reasons. He contacted this site on February 6 and notified CERT of his concern: Eaglesoft does seem to…
The second rule of incident response is to follow the plan
From the who-put-the-frying-pan-in-that-fire dept. Several weeks ago, DataBreaches.net received a complaint concerning a breach involving the Montgomery County Housing Opportunities Commission in Maryland. It seems that a vendor’s 1099 tax statement had been sent to the wrong recipient. It was not a particularly unusual breach, but the 1099 had been sent as an unencrypted attachment to an email, so I read…