Zack Whittaker reports: FedEx has exposed private information belonging to thousands of its customers after a legacy server was left open without a password. The discovery was made by security researchers at the Kromtech Security Center, which posted details of the exposure alongside ZDNet. The data, hosted on a password-less Amazon S3 storage server, was…
Category: Exposure
Triple-S Advantage notifies 36,305 Puerto Rican members of mailing error involving their information
If you were an entity that wound up as part of a $3.5 million settlement with HHS in 2015, you probably wouldn’t want to be reporting yet another breach to HHS now, particularly if your area was still trying to recover from a major hurricane and crisis. Yet that’s the situation Triple-S Advantage, an independent licensee…
Data breach at MassTaxConnect exposed businesses’ info
Joshua Miller reports: A data mix-up on a state tax portal inadvertently made private data from about 16,500 business taxpayers viewable to other companies, potentially even competitors. The breach lasted from Aug. 7, 2017, through Jan. 23, 2018, and allowed some companies to view other business’s names, federal employer identification numbers, tax payments, and other…
Consequences for HIPAA violations don’t stop when a business closes
There’s a new settlement announcement from HHS OCR that makes clear that even if an entity closes its doors, any HIPAA enforcement action continues: A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 out of the receivership estate to the U.S. Department of Health and Human Services (HHS) Office…
This time, students’ records left behind
Barb Ickes writes: The 6-year-old’s psychological assessment is marked “confidential,” yet, there it is in my inbox. I didn’t read it. Finding it in my email felt wrong enough. But I understand what Jim Ziebell was doing. He was offering an example of the records that were left behind at a former school in Lost…
RoxSan Pharmacy Notifies Patients of Breach That Occurred in 2015
There are a number of unanswered questions about an incident disclosed by RoxSan Pharmacy today. See what you think, starting with their press release of today: As part of its commitment to patient privacy, RoxSan Pharmacy (“RoxSan”) notified 1,049 patients of a potential breach of unsecured personal patient protected health information. RoxSan is notifying affected…