OS, Inc. provides revenue management (billing) services to covered entities. I recently reported on a phishing-related breach they experienced in 2018 that was first disclosed this month. As I noted in that post, their notification specifically mentioned a number of their affected clients. Their disclosure did not, however, provide a total number of patients affected,…
Category: Breach Incidents
Personal and health insurance information of most of Panama’s citizenry found in unsecured database
Bob Diachenko reports that he found an unprotected and publicly available Elasticsearch cluster containing what appears to be 3,427,396 records of Panamanian citizens. According to Diachenko, each record in tables labeled “patient” contained the following info: full name date of birth national ID number (cedula) medical insurance number (poliza seguro medico) phone email address other…
Memorial Hermann worker accused of stealing patients’ credit card numbers to pay rent
Sophia Beausoleil reports: A Memorial Hermann employee has been suspended after he was charged with credit and debit card abuse. He’s accused of stealing patients information to pay for rent, buy food and purchase rides to work. According to Harris County court records, 26-year-old Elliott Phylow admitted to Harris County Precinct Four constables that he…
American Medical Collection Agency breach impacted 200,000 patients – Gemini Advisory
A data breach involving a medical collection agency affected more than 200,000 patients who had used the firm’s online payment portal between September, 2018 and the beginning of March, 2019. At the end of February, Gemini Advisory analysts identified a Card Not Present (CNP) database that had been posted for sale in a dark web…
San Francisco Unified School District notifies families of Buena Vista Horace Mann students about data security incident
The San Francisco Unified School District recently notified families of current and former Buena Vista Horace Mann (BVHM) students about an incident in which student data was shared with some BVHM community members. An unsigned letter dated April 22nd from the district’s department of technology described what had transpired: On April 10, 2019, an electronic…
Was WallStreet Market seized by German authorities or is this just another part of the exit scam? [UPDATE: it’s real]
Did a darkweb marketplace known as WallStreet Market wind up seized by German authorities after its moderators pulled an exit scam? Or is what may be intended to look like a seizure by German authorities just another part of the exit scam? Today’s drama on the darkweb started after what appeared to be a seizure…