For the past year or more, I’ve been receiving numerous tips and notifications from trusted researchers about leaks and breaches involving entities in India. While some of the incidents involve alleged miscreants, other incidents involve human error or misconfiguration situations. But as many of us have experienced and reported, when it comes to data protection…
Category: Breach Incidents
Update on Meditab breach
On March 19, this blog linked to a TechCrunch report about an improperly secured Meditab fax server that potentially allowed fax images with patient information to be accessed from an analytics portal. The exposure had been found by SpiderSilk, a cybersecurity firm in Dubai, who estimated that 6 million images were potentially accessible. The TechCrunch…
Klaussner Furniture Notified More than 9,000 Employees and Their Dependents of a Data Security Incident Involving Health Plan Data
Another day, another press release…. ASHEBORO, N.C., April 05, 2019 (GLOBE NEWSWIRE) — Klaussner Furniture Industries, Inc. (“Klaussner”) recently became aware that a data security incident that affected its operations could also have affected the personal information of certain current and former employees, as well as some of their dependents. However, after a thorough investigation…
Accounting firm notifies clients affected by Citrix Shareful incident
In December, 2018, Citrix forced a password reset for some of its clients due to what appeared to be a credential stuffing attack against ShareFile. But did some customers first find out about it March? On April 16, external counsel for LD Evans, CPA provided notification that began; On March 4, 2019, LD Evans learned…
Five months after disclosing a patient PHI breach involving employee email accounts, Metrocare discloses a second, identical, breach?
On April 5, Metrocare Services in Texas notified HHS that it was notifying 5,290 clients of a breach. A notice on their web site explains: On February 6, 2019, we learned an unauthorized third party gained access into some Metrocare employees’ email accounts beginning on January 2019. We immediately took steps to secure the accounts…
OH: Health Recovery Services notifying more than 20,000 patients after discovering unauthorized access that began in 2018
Health Recovery Services in Athens, Ohio, recently notified 20,485 patients after discovering in that an unauthorized IP address had accessed their network. The unauthorized access appears to have begun in November, 2018, and continued until the intrusion was discovered on February 5, 2019. Although investigation could not find any evidence that ePHI had been accessed,…