I’ve been reading some other sites’ coverage of the Pfizer leak that was discovered by vpnMentor and shared exclusively with DataBreaches.net. The incident involved a misconfigured cloud storage bucket that exposed hundreds of reports that consumers and patients had made to Pfizer on a reporting line for drug safety concerns or other concerns. As such, it contained a lot of…
Category: Commentaries and Analyses
Ensuring Transparency: Language to Avoid in HIPAA Breach Notifications
Over on HealthIT Security, Jessica Davis is singing a tune I’ve often sung about transparency in breach notifications. Sing along.
NSA Steps Out of Shadows to Spotlight Where China Hackers Prowl
William Turton reports: The U.S. National Security Agency detailed 25 cyber vulnerabilities frequently used by Chinese state-sponsored hackers in an effort to alert computer security officials to update their systems. Most of the vulnerabilities “can be exploited to gain initial access to victim networks using products that are directly accessible from the internet and act…
Passavant Memorial Homes Family of Services notifies 25,000 after someone alerts them to vulnerability
I’ve just read a breach notification from an incident that was reported to HHS as impacting 25,000. Reading it, it sounds like someone tried to tip the entity that they had a vulnerability and the tipster provided proof. But then their investigation couldn’t definitively prove that no data had ever been accessed or exfiltrated or…
Misconfigured cloud storage bucket exposed Pfizer drug safety-related reports — researchers
For lo, these many years, DataBreaches.net has been reminding everyone that not all leaks or breaches involving medical or sensitive personal health information are covered by HIPAA. Today’s story is a reminder of that. vpnMentor recently contacted DataBreaches.net about a leak their research team, led by Noam Rotem and Ran Locar, had discovered. The leak…
Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace
From the U.S. Department of Justice yesterday: On Oct. 15, 2020, a federal grand jury in Pittsburgh returned an indictment charging six computer hackers, all of whom were residents and nationals of the Russian Federation (Russia) and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff…