Radiology Regional Center, PA, a physician-owned and managed diagnostic facility with nine locations in Florida, announced today that on December 19, 2015, Radiology Regional Center was informed by its records disposal vender (sic), Lee County Solid Waste Division (“Lee County”), that, on that same date, paper records containing the personal information of Radiology Regional Center’s…
Category: Exposure
22,000 dental patients’ info exposed on unsecured Eaglesoft FTP server
Eaglesoft software by Patterson Dental is a popular patient management system. But just as one security researcher had concerns about patient data security in Henry Schein’s Dentrix G5 software, he’s also had concerns about Eaglesoft, albeit for different reasons. He contacted this site on February 6 and notified CERT of his concern: Eaglesoft does seem to…
The second rule of incident response is to follow the plan
From the who-put-the-frying-pan-in-that-fire dept. Several weeks ago, DataBreaches.net received a complaint concerning a breach involving the Montgomery County Housing Opportunities Commission in Maryland. It seems that a vendor’s 1099 tax statement had been sent to the wrong recipient. It was not a particularly unusual breach, but the 1099 had been sent as an unencrypted attachment to an email, so I read…
FL: Discarded medical records found unsecured at public landfill
Trevor Pettiford reports that discarded medical records were found unsecured at a county landfill facility in St. Petersburg, Florida. The records, complete with names, addresses, and family histories, were discovered by a man dumping bulk trash at the Pinellas County Solid Waste facility at 3095 114th Avenue North in St. Petersburg. They apparently came from the…
@ChileanCrew Hacks, Leaks Details for 300,000 Chilean Citizens Looking for State Benefits
Catalin Cimpanu reports: A group of Chilean hacktivists that go by the name of Chilean Hackers have broken into the database of CONADI and stolen the personal details of 304,189 Chilean citizens looking for state benefits from the country’s government. Read more on Softpedia. I “get” that the hacktivists want Chile’s president to resign and they want…
Misconfigured MongoDB installation left Microsoft careers site vulnerable to attack
Chris Vickery writes: An exposed database was serving potentially arbitrary HTML through the mobile version of Microsoft’s careers page (m.careersatmicrosoft.com). Punchkick Interactive is a mobile web development company. Microsoft relies on Punchkick to handle the database that powers m.careersatmicrosoft.com. The bad news is that, for at least the past few weeks, this backend database has…