A report by Greenbone Networks in September about the leak of medical images online made waves — including spurring Senator Warner to ask HHS OCR what it was doing in response to the report. Today, Greenbone reached out to a number of sites to alert us all to an update to their report. From their…
Category: Exposure
150 infosec bods now know who they’re up against thanks to BT Security cc/bcc snafu
Gareth Corfield reports: BT Security managed to commit the most basic blunder of all after emailing around 150 infosec professionals who attended a jobs fair – using the “cc” field instead of “bcc”. The email, shown to The Register by a non-trivial number of aggrieved recipients, thanked them for attending the Westminster Cyber Expo and popping by…
Exclusive: More than 90,000 patient billing files from an alcohol and drug addiction treatment network exposed online
Update: On December 2, Sunshine Behavioral Health reported this incident to HHS as impacting 3500 patients. They also ticked the box for Business Associate. Update 2: On January 23, 2020, ID Experts submitted a copy of their notification to patients to the Vermont Attorney General’s Office. Another day, another leak. In this case, an error…
Judiciary leaks personnel data of company in cocaine investigation; workers terrified
Janene Pieters reports: Personnel data from a fruit wholesaler in Hedel, Gelderland accidentally ended up in the criminal file of a major cocaine investigation, the Public Prosecution Service in Oost-Nederland confirmed. In a statement, the Prosecutor said it regrets the state of affairs, stressing that there have never been indications that people were in immediate…
Ca: No answers on Fort Simpson dump breach until 2020 due to privacy breach backlog
Hilary Bird reports: Almost a year after boxes of personal medical records were found at the Fort Simpson dump, the Northwest Territories Information and Privacy Commissioner hasn’t had time to investigate the breach. A spokesperson for Elaine Keenan-Bengts’ office says that because of a backlog, the commissioner won’t be able to look into the incident…
Prank Call Service PrankDial Exposed 138 Million Records Online
Jeremiah Fowler reports: On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records all contained information that identified PrankDial.com as the owner of the data. I immediately sent a responsible disclosure notice and the database was closed for public access shortly after. According to their…