Matt Discombe reports: Private patient data held by Gloucestershire hospitals was mistakenly uploaded to a server in the USA due to problems with its new electronic record system. Information on 56 patients held by Gloucestershire Hospitals NHS Foundation Trust had been erroneously copied onto the server in October. The records, which included ‘identifiable sensitive data’…
Category: Exposure
Real Time Health Quotes leak affected health insurance applicants
So it appears I missed a third-party vendor/business associate leak that affected at least two covered entities and possibly more. Great thanks to Humana for sending along the vendor’s press release when I inquired about a breach report Humana had made to HHS as affecting 5,764 members or potential members. It turns out that the…
July Systems data leak: Massive trove of sensitive information exposed online via unsecured database
India Ashok reports: A massive trove of sensitive data was left freely exposed online by San Francisco-based July Systems. The company’s cloud-based location intelligence and engagement platform called “Proximity MX”, which contains proprietary information belonging to the firm and its clients, were exposed via unsecured Amazon S3 databases. […] According to security researchers at Kromtech,…
A popular virtual keyboard app leaks 31 million users’ personal data
Zack Whittaker reports: Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app’s developer failed to secure the database’s server. The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the…
Inside the Stanford Breach: Sexual Assault, Disciplinary and Financial Data Exposed
A series of cybersecurity vulnerabilities at Stanford University exposed thousands of sensitive files containing details of sexual assault investigations, disciplinary actions and more. The details of what happened—and why it should be an object lesson for higher education. A special three-part blog series. Craig A. Newman of Patterson Belknap writes: Part 1 In three separate…
Poor incident response? Bad PR, Monday edition
If you can’t prevent a breach, can’t you at least fake genuine concern? You know, the “At <blahblahblah>, we take your privacy and security very seriously” bit? Mark Flamme reports on a Key Bank breach where the bank’s response to notification of a problem is at least as problematic as the breach itself. After a…