Zack Whittaker reports: Amber Group has fixed a second security lapse that exposed private keys and passwords for the government’s JamCOVID app and website. A security researcher told TechCrunch on Sunday that the Amber Group left a file on the JamCOVID website by mistake, which contained passwords that would have granted access to the backend…
Category: Health Data
Fake whistleblower sentenced to federal prison for trying to frame a former acquaintance for violating patient privacy
This is a bit different. From the U.S. Attorney’s Office, Southern District of Georgia: A Rincon man who portrayed himself as a whistleblower while falsely accusing a former acquaintance of violating patient privacy has been sentenced to federal prison. Jeffrey Parker, 44, of Rincon, Ga., was sentenced to six months in prison by U.S. District…
PA: Colonial Park Realty Co t/a Enders Notifies Customers of Data Breach
Colonial Park Realty Co. (Enders Insurance) issued a press release about a data breach that occurred last April when an employee’s email account was compromised. The breach was discovered on May 7, 2020, and they have been investigating since then, it seems, to find out who was impacted. Enders claims that they are notifying “in…
Florida: Personal and Prescription Information Found on Side of Road
Heather Crawford reports that First Coast News has been investigating papers found on the side of the road in St. Johns County. The papers, that included a prescription bag with prescription records and a nursing home’s information, appeared to come from a luxury senior living community in Jacksonville. “The pharmacy name on everything is Guardian…
Cybercriminal sells credentials of French hospital workers
François Manens reports (translation): 50,000 user accounts of French hospital agents are for sale on a cybercriminal forum. This data could allow buyers to access the computer networks of certain health establishments. Once introduced to the system, criminals can deploy their ransomware and cripple the hospital. New alert for French hospitals, this time launched by the monitoring site…
Amber Group breaks silence on unsecured storage bucket; NatSec minister suggests TechCrunch reporter may have violated CyberCrime Act
The Gleaner reports a follow-up on an unsecured storage server exposing personal information and COVID-related information of travelers to Jamaica. The exposed bucket was first reported by Zack Whittaker of TechCrunch on February 17: The storage server, hosted on Amazon Web Services, was set to public. It’s not known for how long the data was…