HNN reports: Personal information for as many as 70,000 public school students may have been compromised after a University of Hawaii vendor charged with overseeing a college and career planning website detected “suspicious” unauthorized access to one of its servers. […] The University of Hawaii’s P-20 Partnerships for Education provided the third-party vendor ― Graduation…
Category: Breach Incidents
Victims of AMCA’s breach allege AMCA not helpful enough in incident response
The other day, I wondered aloud whether there was anything the American Medical Collection Agency (Retrieval Masters) could have done after they were hacked to keep their big clients like Quest Diagnostics and LabCorp. An interesting report by Marianne Kolbasuk McGee on BankInfoSecurity suggests that there might have been. McGee reports that newly submitted court…
OH: Edgepark Medical Supplies notifying 6,572 patients after a “password spray attack”
It appears that RGH Enterprises, Inc., d/b/a Edgepark Medical Supplies, has had another HIPAA breach. The first time they came to this site’s attention was in January, 2014, when they disclosed a 2013 malware incident that had gone undetected for nine months and potentially impacted 4,230 patients. Then in January, 2018, they notified HHS and…
Ukrainian hacker sought by US arrested
AP reports that Mykhailo Rytikov, an alleged hacker wanted by the U.S. for years and who was indicted in absentia in 2013, has been arrested in Odessa. The operation was a coordinated effort by Ukraine, Britain, and the U.S. Bakanov said the operation found a data center with about 150 servers and that study of…
HIPAA nightmare: An IT vendor’s error left more than 300,000 files with protected health information exposed
Medico, Inc.’s IT vendor’s error left at least two Amazon buckets unsecured More than 300,000 files contained protected health information related to patient billing, complete with insurance information and treatment codes Leaks were independently discovered by at least three researchers using different search methods It’s been a rough few months in terms of business associates…
Aavgo security lapse exposed hotel bookings
Zack Whittaker reports: A security lapse at a hotel management startup has exposed hotel bookings and guests’ personal information. The security lapse was resolved Monday after TechCrunch reached out to Aavgo, a hospitality tech company based in San Francisco, which secured a server it had left online without a password. The server was open for…