Princeton University became one of the more than 27,000 entities that recently had their databases wiped by attackers who claim that if victims pay ransom, they’ll get their data back. The attackers have been able to access and overwrite databases in MongoDB installations that were left open on Port 27017. With no login or authentication required, anyone can access…
Category: U.S.
HHS OCR: Henrico Sen. Dunnavant’s political letter to patients broke health privacy rules, but no sanctions needed
There’s a follow-up to an HHS OCR investigation that I had noted back in October, 2015. And since we don’t see many OCR investigations reported like this one, it’s worth noting. Politicians who are also HIPAA-covered entities, in particular, may wish to take note. Graham Moomaw reports: State Sen. Siobhan S. Dunnavant, a Henrico County…
Minneapolis settles more lawsuits over snooping in driver database
Whether it’s the healthcare sector, government, or any other sector, if you’re not using adequate tools to monitor and audit your employees’ access to personal information records, it will cost you sooner or later. Eric Roper reports: The long list of lawsuits against Minnesota governments for employees improperly snooping into the state driver’s license database…
First HIPAA enforcement action for lack of timely breach notification settles for $475,000
OCR has announced a settlement involving a breach that I never even reported on this site at the time and that doesn’t appear to have been in the news at the time. A quick look at HHS’s “Wall of Shame” shows two entries for the incident at issue: one entry says it was reported on…
VA: Former Nurse Sentenced for ID Theft and Bank Fraud
There’s an update to a case previously noted on this site. Capri M. Williams, 26, of Richmond, was sentenced today to three years in prison for identity theft and bank fraud crimes related to her stealing personal identifying information (PII) of hundreds of patients while employed at Commonwealth Primary Care (CPC), Inc., in Richmond. Williams…
Founder of Fake Prison Charity sentenced for stealing Prisoner Identities, Claiming Millions of Dollars in false Tax Refunds
Qadir Shabazz, a/k/a Deangelo Moore, a/k/a Deangelo Muhammad, has been sentenced to a prison term of 23 years, one month for running a massive, multi-state fraud scheme in which he operated a fake prison charity that stole thousands of prisoners’ identities to apply for millions of dollars in fraudulent income tax refund dollars. Shabazz was…