The following analysis in the Texas Senate suggests that OCR and Texas have been negotiating a resolution agreement since Texas first reported this breach in June, 2015. Not only does that seem like a long time for this to be going on, but if you were to look at HHS’s public breach tool to see…
Category: Breach Incidents
DENTAL & MEDICAL COUNSEL: How Data Breaches Affect Dental Practices
Ali Oromchian Esq of the Dental and Medical Counsel wrote the following piece: As technology evolves so do the risks to a dental practice especially when it comes to HIPAA and other related security breaches of sensitive data. When you own a dental practice, a data breach occurs when there has been unauthorized access to…
AU: Security researcher pleads guilty in GoGet case
There’s an update to a case previously noted on this site in January, 2018. Rohan Pearce reports: Illawarra-based security researcher Nikola Cubrilovic has pleaded guilty to charges related to unauthorised access to the GoGet service and will be sentenced in May. Cubrilovic was arrested in January 2018 and charged with allegedly accessing a database the car-sharing…
Spanish Gym Franchise Database Exposed By Partner’s Data Breach
Bob Diachenko reports: On March 8th, 2019, I have identified a passwordless MongoDB database that was exposing sensitive information of an estimated 6,608 VivaGym job candidates and other business related data. VivaGym is a Spanish low-cost gym franchise operating in Spain and Portugal. At the moment of the discovery, database already had a ‘WARN’ collection,…
Woman Sues Northwestern Medicine Over Alleged Insider Wrongdoing that Exposed Her Medical Information on Twitter
Suzanne Le Mignot reports: A woman at the center of a lawsuit says Northwestern Medicine Regional Medical Group did not inform her of a privacy breach of her medical records until she called after seeing the records posted on social media. Gina Graziano calls it a breach of trust and said Northwestern should have better…
Database leaks 250K legal documents, some marked ‘not designated for publication’
Catalin Cimpanu reports: A database containing 257,287 legal documents, with some marked as “not designated for publication,” was left exposed on the public internet without a password, allowing anyone to access and download a treasure trove of sensitive legal materials. The database, which was left online for roughly two weeks, contained unpublished legal documents relating…