Connexin Software, a business associate to numerous pediatric practices, recently notified HHS that it experienced a breach that affected 2,216,365 patients. One thing DataBreaches noted with interest in their substitute notice below is their statement that an unauthorized individual was able to access an offline set of patient data used for data conversion and troubleshooting. …
Category: Breach Incidents
Reminder that small-n medical privacy breaches can cause harm
Over on PogoWasRight.org this morning, I linked to a post by Eric Goldman involving litigation over a medical privacy breach. One plaintiff claimed to have suffered significant harm in her life due to a hospital employee mailing her information to an unrelated third party who then posted it online. I mention that case because although…
No Need to Hack When It’s Leaking, Friday Global Edition
For today’s episode of “No Need to Hack When It’s Leaking,” DataBreaches brings you three leaks involving patient/medical information: one from the U.S., one from India, and one from Australia. Tridas Center Jeremiah Fowler and the Website Planet research team discovered an unsecured database containing more than 16,000 records with personally identifiable information about pediatric…
Bits ‘n Pieces (Trozos y Piezas)
MX: LV threat actors claim to have hacked UnitedAuto On November 19, LV BLog added UnitedAuto, a Mexican automotive company, to its leak site, claiming to have more than 2TB of stolen personal information. The threat actors criticized their victim, stating “United Auto does not have any basic protection for their system. The company has…
FL: South Walton Fire District notifies patients of breach
On May 30, South Walton Fire District learned of unauthorized access to their network. Investigation revealed that patients’ potentially affected information included: names, addresses, Social Security numbers, dates of birth, treatment dates, medical diagnostic and treatment information, and health insurance information for patients transported by or treated by SWFD. Local media reports those potentially at risk…
Update: Norman Public Schools’ employee and student leaked on dark web by ransomware gang
On Nov 4, DataBreaches noted that Norman Public Schools (NPS) in Oklahoma reported what they described as a “malicious ransomware attack.” Since then, the district has worked to restore all services. Because the district did not respond to the threat actors’ ransom demands, this week the Hive ransomware team publicly claimed responsibility for the attack…