I’ve just read a breach notification from an incident that was reported to HHS as impacting 25,000. Reading it, it sounds like someone tried to tip the entity that they had a vulnerability and the tipster provided proof. But then their investigation couldn’t definitively prove that no data had ever been accessed or exfiltrated or…
Category: Health Data
Misconfigured cloud storage bucket exposed Pfizer drug safety-related reports — researchers
For lo, these many years, DataBreaches.net has been reminding everyone that not all leaks or breaches involving medical or sensitive personal health information are covered by HIPAA. Today’s story is a reminder of that. vpnMentor recently contacted DataBreaches.net about a leak their research team, led by Noam Rotem and Ran Locar, had discovered. The leak…
Ransomware Attack on a Major Health Tech Firm Slows Down Several COVID-19 Clinical Trials
Alicia Hope reports: A ransomware attack targeting medical technology firm slowed down clinical trials for the past two weeks, according to the New York Times. The attack targeted a Philadelphia company that develops software for clinical trials, including the crash effort to develop rapid coronavirus tests, treatment, and the vaccine. The attack on eResearch Technology forced…
California AG Settlement Suggests Privacy and Security Practices of Digital Health Apps May Provide Fertile Ground for Enforcement Activity
Libbie Canter, Anna D. Kraus, and Rebecca Yergin of Covington & Burling write: California Attorney General Xavier Becerra (“AG”) announced in September a settlement against Glow, Inc., resolving allegations that the fertility app had “expose[d] millions of women’s personal and medical information.” In the complaint, the AG alleged violations of certain state consumer protection and privacy laws, stemming from privacy…
OH: Potential class action against Health Recovery Services survives motion to dismiss
In April 2019, this site reported on a breach disclosed by Health Recovery Services (HRS). In October, 2019, Troy Foster sued them over the breach. I noted at the time that I was surprised at the claim concerning delayed notification when he had been notified in 60 days. I was not surprised to now read…
Dr Richard Freeman admits losing rider blood data from a third computer
Alex Balinger reports: Dr Richard Freeman has admitted losing rider blood data from a third laptop, this time after the UCI requested information about riders from the Giro d’Italia and Tour de France in 2011. Freeman is currently facing a medical tribunal, which is assessing his fitness to practice medicine after allegations he ordered testosterone with the intention of…