by Steven Englehardt, Gunes Acar, and Arvind Narayanan Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…
Category: U.S.
Oklahoma State University Center for Health Sciences notifying 280,000 Medicaid patients after hack
Oof. Oklahoma State University Center for Health Sciences is notifying 279,865 Medicaid patients of a hacking incident. Here is the notice from OSU’s web site: Oklahoma State University Center for Health Sciences (OSUCHS) takes the privacy and security of our patients’ information very seriously. Regrettably, this notice is regarding an incident in which some Medicaid patient information…
Palomar Health notifying patients after nurse caught snooping in records
As seen on their site: Notice to Palomar Health Patients Regarding Unauthorized Access of Patient Health Information Palomar Health is committed to protecting the confidentiality and security of our patients’ information and we regret to inform you of an incident involving some of that information. Sometime between February 10, 2016 and May 7, 2017, some…
Montana State University Billings notifying students after laptop was stolen in November
Ugh. Another laptop was apparently stolen from an employee’s car. This one was from the education sector, but it contained some student health information and health insurance information. The incident was reported by Montana State University Billings to the Montana Attorney General’s Office on January 5, and letters are going out today to affected students….
Columbia Falls School District Number 6 notifies employees whose data may have been compromised by TheDarkOverlord
Interesting. The Columbia Falls School District Number 6 in Montana, who had been attacked by TheDarkOverlord, sent out notification letters and notified the Montana Attorney General’s office on January 5. In their submission to Montana, they note that the breach began September 1, and ended on November 13. In actuality, the November 13 date was…
Coplin Health Systems notifies 43,000 patients after laptop stolen from employee’s car
I really think that if HHS/OCR handed out a few well-advertised very very large monetary penalties, maybe these unencrypted devices stolen from car incidents would decrease. It really is ridiculous that this is still happening in 2018. It’s one thing if we’re talking about a small non-profit or something where they may not have resources…