Yakov Shafranovich found a vulnerability that exposed patients’ prescription histories to others as long as the other(s) had their full name and date of birth: During the signup process, PillPack.com prompts users for their identifying information. In the end of the signup rocess, the user is shown a list of their existing prescriptions in all…
Category: Exposure
Ca: Confidential medical records found abandoned
So HHS discloses a settlement with a pharmacy that did not properly dispose of patient records, and now we hear that a Canadian pharmacy has also failed to dispose of records properly. CTV reports: A discovery inside an apartment building’s recycling bin has one London man fuming, after private medical documents from a nearby pharmacy…
CA: Court orders hospital to release staff info following patient privacy breach
SanDiego6 reports: County USC-Medical Center must turn over the names and duties of all nurses and other medical personnel who treated a La Canada Flintridge woman who stuck pencils in her eyes in a suicide attempt as well as the identifications of staff supervisors, a judge ruled Thursday. The self-mutilated woman’s image was captured by…
FL: Bright House Cable work orders found trashed
Erik Sandoval reports that WKMG received a viewer tip about Bright House Cable customer information found behind Jaguar, Inc. Jaguar is a contractor for Bright House Cable in Altamonte Springs. The work orders exposed the names, addresses and other personal information of dozens of customers. Bright House provided a statement to WKMG: “Bright House…
Breach notification letters create second breach for health co-op
I had been a bit critical in reporting on a recent breach involving the Oregon’s Health Co-Op, writing: In reading the substitute notice below, note that they do not say from where the laptop was stolen, nor how many were affected. And what kind of “commitment” to privacy is it to just password-protect a laptop…
UK: Dumfries and Galloway Council data breach actions accepted
An update from the BBC about a breach I hadn’t spotted before: The Information Commissioner’s Office has said it is satisfied with Dumfries and Galloway Council’s actions in the wake of a data protection breach. It followed the inadvertent release of personal information which was later posted on the internet. It is understood that the…