Mariam Issimdar and Nikki Fox report: A hospital trust has apologized after private information on more than 22,000 patients was released in two breaches. The leaks – in 2020 and 2021 – concerned maternity and cancer patients at Addenbrooke’s Hospital, Cambridge. Roland Sinker, chief executive of Cambridge University Hospitals NHS Foundation Trust said the breaches…
Category: Exposure
Millions of patient scans and health records spilling online thanks to decades-old protocol bug
Carly Page reports: Thousands of exposed servers are spilling the medical records and personal health information of millions of patients due to security weaknesses in a decades-old industry standard designed for storing and sharing medical images, researchers have warned. This standard, known as Digital Imaging and Communications in Medicine, or DICOM for short, is the internationally…
DFS Announces $1 Million Cybersecurity Settlement With First American Title Insurance Company
Press Release of November 28: The New York State Department of Financial Services (DFS) today announced that First American Title Insurance Company (First American) will pay a $1 million penalty to New York State for violations of DFS’s Cybersecurity Regulation (23 NYCRR Part 500) stemming from a large-scale cybersecurity breach in May 2019. The breach…
KidSecurity’s user data compromised after app failed to set password
Paulina Okunytė reports: KidSecurity, a popular parental control app that’s used to track children, has exposed its activity logs, leaving users’ private data in the hands of threat actors. With more than a million downloads on Google Play, KidSecurity provides parents with services to track their children’s location, listen to the sounds around the child…
Enterprise software provider Tmax leaks 2TB of data
Jurgita Lapienytė reports: A Korean IT company developing and selling enterprise software has leaked over 50 million sensitive records. The 2 TB-strong Kibana dashboard has been exposed for over two years. Cybernews researchers discovered it back in January 2023, noting the set of data was first spotted in June 2021. Our team attributed the dashboard…
A cyberattack on a U.K. accounting firm wound up leaking U.S. patient data. Now what?
DataBreaches would have passed over a listing on LockBit3.0’s site if Brett Callow hadn’t kindly called our attention to it. The listing by the threat actors was for HSKS Greenhalgh Chartered Accountants and Business Advisors, and LockBit claimed to have exfiltrated 168 GB of files with: Employees (NIN numbers, passport scans, ID scans, Employee forms…