Johanna Weidner reports: Personal information for thousands of children was mailed to strangers in an OHIP privacy breach. The province confirmed Thursday that all the incorrectly printed health card renewal notices it mailed belonged to children who have a birth date in early July. A printing mistake on the double-sided form resulted in a mismatch…
Category: Exposure
NYU Accidentally Exposed Military Code-breaking Computer Project to Entire Internet
Sam Biddle reports: IN EARLY DECEMBER 2016, Adam was doing what he’s always doing, somewhere between hobby and profession: looking for things that are on the internet that shouldn’t be. That week, he came across a server inside New York University’s famed Institute for Mathematics and Advanced Supercomputing, headed by the brilliant Chudnovsky brothers, David and Gregory. The…
UPDATE: iHealth Innovations responds to Bronx-Lebanon Hospital data security concern
Yesterday, DataBreaches.net reported on a misconfigured rsync backup that had been detected by Kromtech Security. The security firm had contacted DataBreaches.net for notification assistance on May 3 after unsuccessfully trying to notify iHealth Innovations that patient data from Bronx-Lebanon Hospital Center could be accessed and downloaded without any login required. One week later, we still do…
Texas health system settles potential HIPAA violations for disclosing patient information
Okay, this seems a bit harsh in terms of monetary penalty. From another HHS/OCR settlement announced today: Memorial Hermann Health System (MHHS) has agreed to pay $2.4 million to the U.S. Department of Health and Human Services (HHS) and adopt a comprehensive corrective action plan to settle potential violations of the Health Insurance Portability and Accountability…
Funding Circle Error Exposes 6,000 SSNs Of American Clients
Thomas Fox-Brewster reports that Kromtech Security Research Center has been pretty busy this week: An upcoming London-based business loans provider, Funding Circle, left a database containing 6,000 social security numbers of American clients exposed to anyone on the internet, it emerged Wednesday. The company, which has helped companies bypass banks to borrow more than $1.5…
Confidential medical records from Bronx-Lebanon Hospital exposed online by vendor’s error
Vendor’s error appears to have exposed personal and confidential medical data of patients seen at Bronx-Lebanon Hospital Center since 2014; Records also include addiction histories, psych histories, and histories of physical or sexual abuse; Hospital investigating to determine what happened and who may have accessed data. By now, you may be tired of reading reports on misconfigured MongoDB installations…