On November 16, the Center for Vitreo-Retinal Diseases in Illinois notified HHS of a breach that they coded as “unauthorized access/disclosure” involving PHI on the network server. Here is the notice on their web site that describes what the ransomware incident: The Center for Vitreo-Retinal Diseases has become aware of a potential data security incident…
Month: November 2018
After Microsoft complaints, Indian police arrest tech support scammers at 26 call centers
Catalin Cimpanu reports: New Delhi police have arrested 63 suspects in the last two months working and operating 26 call centers that were engaging in tech support scams, posing as tech support staff at Microsoft, Google, Apple, and other major tech companies. The raids on Delhi-based call centers have taken place over the last two…
Sky Brasil exposes data of 32 million subscribers
Catalin Cimpanu reports: As security experts predicted since last year, ElasticSearch servers –a technology for powering search functions– are becoming the next big source of massive data leaks. The latest company to be added to the list of breach incidents caused by an exposed ElasticSearch server is Sky Brasil, one of the biggest subscription television…
Amendments to data breach notification law in Colorado impact HIPAA-regulated entities
Kiss that 60-days to notify patients HIPAA bit goodbye if you’re doing business in Colorado. Julie A. Sullivan and Loreli Wright of Greenberg Traurig, LLP write: Passed during the 2018 state legislative session, House Bill 18-1128 went into effect on Sept. 1, changing Colorado’s law on the protection of personally identifying information and the procedure businesses must…
ElasticSearch server exposed the personal data of over 57 million US citizens
Catalin Cimpanu reports: An ElasticSearch server that was left open on the Internet without a password has leaked the personal information of nearly 57 million Americans for almost two weeks, ZDNet has learned. The leaky server was spotted by Bob Diachenko, Director of Cyber Risk Research for cyber-security firm Hacken, during a regular security audit…
Georgia Spine and Orthopaedics of Atlanta notifies 7,012 patients after phishing attack
Another day, another successful phishing attack in the healthcare sector. From the web site of Georgia Spine and Orthopaedics of Atlanta: Georgia Spine and Orthopaedics of Atlanta (“GSO”) was a recent victim of an email “phishing” scam that resulted in unauthorized access to an employee’s email account. “Phishing” involves scammers sending emails that look legitimate,…