Sometimes, reports submitted to HHS do not show up on their breach tool for a few weeks. A breach report submitted January 2 by Lawrenceville Internal Medicine Associates of NJ caught my eye today. The incident, coded as unauthorized access/disclosure of protected health information in email, reportedly impacted 8,031 patients. The following is a notice…
Category: Exposure
PA: Not Retroactively Redacting May Have Exposed Social Security Numbers
Jamie Martines reports: Hundreds of Social Security numbers could be contained in unredacted documents housed on the Allegheny County Civil Courts public website. The Tribune-Review located federal tax lien documents filed each year from 1997 to 2010 that display unredacted tax identification numbers. Read more on Governing. This is sooooo 1990’s…. still.
UK: Students got £140,000 from University of East Anglia for private data leak
Bethany Wales reports: The leak in June 2017 saw an email containing confidential details about students’ extenuating circumstances sent to hundreds of their peers. The circumstances, detailed in a spreadsheet, included suicidal thoughts, sexual assault, and serious family illnesses and bereavements. Now, a Freedom of Information request has revealed the university’s insurers paid out a…
LabCorp website bug exposed thousands of medical documents
Zack Whittaker reports: A security flaw in LabCorp’s website exposed thousands of medical documents, like test results containing sensitive health data. …. This latest security lapse was caused by a vulnerability on a part of LabCorp’s website, understood to host the company’s internal customer relationship management system. Although the system appeared to be protected with a…
H&M’s data leak in Germany “in legal examination”
Angela Gonzalez-Rodriguez reports: New York – Fashion retailer H&M (HMb.ST) said on Saturday that data security breaches found at its German unit were unacceptable and it was cooperating with the local data protection supervisory authority in its investigation into the matter. […] In October last year, the ‘Frankfurter Allgemeine Zeitung‘ reported that personal data of…
Identity and Access Misstep: How an Amazon Engineer Exposed Credentials and More
The UpGuard team reports: UpGuard can now disclose that a repository hosted on GitHub with data from an Amazon Web Services engineer containing personal identity documents and system credentials including passwords, AWS key pairs, and private keys has been secured from public access. The data was committed to a public repository on the morning of…