Here’s something we don’t see everyday, and it involves Kentucky-based health insurer Humana. Humana’s technology team became suspicious after there were a number of calls to an 800 number of Humana’s that involved their Interactive Voice Response system where the caller was able to authenticate as a member by providing date of birth, zip code, and…
Category: Breach Incidents
Insurance startup leaks sensitive customer health data
Zack Whittaker reports: A software startup that provides independent insurance brokers with customer management software has exposed highly sensitive information on thousands of insurance policy holders. A vast cache of data was stored on Amazon S3 storage bucket by AgentRun, a Chicago, Ill.-based company founded in 2012 by Andrew Lech, a former independent insurance broker….
MN: Associates in Psychiatry and Psychology disclose ransomware incident
Associates in Psychiatry and Psychology in Minnesota have notified 6,546 patients and HHS of a ransomware incident that occurred in March. Some time overnight between March 30 and March 31st, the practice’s files were locked up with TripleM ransomware. The ransomware not only locked up the data files, but according to their notification and FAQ…
Bombas notifies consumers of breach going back to 2013
Bombas is sending out a breach notification to consumers. It says, in part: What Happened? We first started selling Bombas socks online using an outside vendor to develop and manage our website and a third party e-commerce platform for purchases. Malware in the code of the e-commerce platform was identified and initially removed from our…
Los Angeles County 211 exposed call logs with details
Another day, another leak involving sensitive information. From the UpGuard team: The UpGuard Cyber Risk Team can now disclose that sensitive data from the Los Angeles County 211 service, a nonprofit assistance organization described on their website as “the central source for providing information and referrals for all health and human services in LA County,” was…
More than 200,000 patients’ records were exposed on MedEvolve’s public FTP server – researcher
Common sense dictates that patients’ protected health information should not be made freely available on FTP servers that have no login required. And yet it still happens, and has happened again. Recently, this site learned of another FTP server exposing patients’ information. This particular FTP server belongs to MedEvolve, an Arkansas company that provides practice management…