Yesterday, DataBreaches.net reported on a misconfigured rsync backup that had been detected by Kromtech Security. The security firm had contacted DataBreaches.net for notification assistance on May 3 after unsuccessfully trying to notify iHealth Innovations that patient data from Bronx-Lebanon Hospital Center could be accessed and downloaded without any login required. One week later, we still do…
Category: Breach Incidents
Confidential medical records from Bronx-Lebanon Hospital exposed online by vendor’s error
Vendor’s error appears to have exposed personal and confidential medical data of patients seen at Bronx-Lebanon Hospital Center since 2014; Records also include addiction histories, psych histories, and histories of physical or sexual abuse; Hospital investigating to determine what happened and who may have accessed data. By now, you may be tired of reading reports on misconfigured MongoDB installations…
Hard drive with medical information on 2,200 LSU Health patients stolen
Chad Calder reports: A hard drive containing the personal information of 2,200 LSU Health New Orleans patients was stolen in March, and while police quickly made an arrest, the hard drive has not been recovered, the LSU Healthcare Network said Friday. The network said the theft occurred in the Department of Neurology Research on or…
TheDarkOverlord dumps 180,000 patients’ records from 3 hacks
While thousands of their followers on Twitter seem to be eagerly waiting for TheDarkOverlord (TDO) to dump more tv films or episodes of popular series, TDO went non-fiction this morning, dumping patient/medical records from some of their hacks in the healthcare sector last year. All told, almost 180,000 patients had their personal information shared with the world. Two of…
“They’re back:” Grey Eagle Casino hackers dump more data
Back in January, this site reported that Grey Eagle Resort & Casino in Calgary had been hacked and some personal employee data had been dumped. At the time, the hackers threatened to dump more data. The casino never responded to multiple inquiries from this site about the breach, but did confirm it to Global News. No explanation…
Hundreds of thousands of kids have identity info hacked from pediatricians’ offices
As Robert Lord of Protenus explains in the May issue of Compliance Today, pediatric patient data continues to remain not only vulnerable to criminals, but also quite valuable to them, in part because the medical records of these young patients provide criminals a blank slate upon which they can build a false identity. This—combined with the fact…