In 2006, I started advocating that there needs to be a law or regulation that requires businesses to have a method to receive notifications of security alerts. A number of people I respect offered explanations as to why that wasn’t a great idea. But 13 years later, I’m more convinced than ever that we need…
Category: Breach Incidents
Months after notifying patients of a leak, Medico issues press release
In July, DataBreaches.net reported on a leak it had discovered in June. On September 17, Medico of South Carolina reported a breach to HHS that reportedly impacted 6,489 patients. On December 11, they issued a press release that appears to be related to the same incident. Medico of South Carolina “(Medico”) is a medical billing company…
How can we screw up incident response? Let me count the ways — Monday UK Edition
This week, DataBreaches.net was reminded yet again of the risks of trying to alert an entity to a breach. This time, it was not me who was threatened or any of the whitehat researchers I know. This week, it was a citizen who found patient records on the street in his town and undertook to…
It’s not just state actors going after automotive companies: “DarkSly” claims hacks of Hyundai and Jaguar/LandRover
On December 6, Catalin Cimpanu of ZDNet reported that both BMW and Hyundai had reportedly been hacked. His report was based on reporting by Von Hakan Tanriverdi and Josef Streule that had been published on both BR.de and taggeschau.de. Their report was light on details, though, and neither BMW nor Hyundai would comment. to them…
CO: Sunrise Community Health Notifies Patients of Data Security Incident
Sunrise Community Health in Colorado has posted a notice concerning a recent data security incident. From their notice: A recent incident at Sunrise Community Health (“Sunrise”) may affect the privacy of certain information. Sunrise is unaware of any actual or attempted misuse of this information. However, Sunrise is providing notification to individuals whose information was…
Nebraska Medical Center is warning patients about data breach
Siouxland News reports on an insider breach affecting patients at Nebraska Medical Center. Officials say they were running an audit of their medical record system and found an employee got into those records sometime between July and October. They say that employee should not have been in those records. Hospital officials were not able say…