Medico, Inc.’s IT vendor’s error left at least two Amazon buckets unsecured More than 300,000 files contained protected health information related to patient billing, complete with insurance information and treatment codes Leaks were independently discovered by at least three researchers using different search methods It’s been a rough few months in terms of business associates…
Category: Breach Incidents
Aavgo security lapse exposed hotel bookings
Zack Whittaker reports: A security lapse at a hotel management startup has exposed hotel bookings and guests’ personal information. The security lapse was resolved Monday after TechCrunch reached out to Aavgo, a hospitality tech company based in San Francisco, which secured a server it had left online without a password. The server was open for…
Northwest Indian College suffered major file loss in Ryuk ransomware incident
Northwest Indian College describes itself as the only accredited tribal college serving the states of Washington, Oregon, and Idaho. This month, they joined the ranks of colleges hit by ransomware. As seen on their website, this July 11th notice: This week, the Northwest Indian College (NWIC) has been facing a cyberattack identified as the Ryuk…
Google Data Breach Faces Review by Irish Privacy Watchdog
Stephanie Bodoni reports: Google faces a possible investigation by Irish data privacy regulators related to reports that contractors had been able to listen to audio of users of its digital assistant technology. The Irish Data Protection Commission received a breach notification from the company late Thursday, said Graham Doyle, the agency’s spokesman. Google reacted in…
Eight people are arrested in Hong Kong over cyberattacks against police as the city copes with the aftermath of anti-government protests
AFP and Tracy You report: Hong Kong police said today they had arrested eight people for stealing and disclosing personal information of officers online as the city grapples with the aftermath of unprecedented anti-government protests that saw its parliament ransacked. […] Six men and two women, aged 16-40, were arrested last night for allegedly ‘doxxing’…
Two Maryland medical practices notify patients after business associate error exposes patient information
Maryland-based Capitol Cardiology Associates (CCA) and Southern Maryland Medical Group (SMMG) are notifying patients because of an incident involving a third-party vendor/business associate. According to their notification letters, on March 14, Meditab Software, Inc. became aware of a potential breach involving protected health information (phi). The breach may have included patients’ medical records or visit…