Vendor’s mistake potentially exposed “millions” of Bronx-Lebanon Hospital patients’ information; Hospital and vendor try to claim that iHealth Solutions was “hacked” by security researchers who uncovered the security problem; Hospital and vendor issue series of demands, threaten DataBreaches.net for reporting on incident; On May 3, Kromtech Security’s research team, conducting routine research, found that confidential and sensitive patient…
Category: Commentaries and Analyses
EPIC v. FBI: Agency Cyber Hack Notification Procedures Fall Short
Via EPIC.org: In Freedom of Information Act lawsuit EPIC v. FBI, EPIC has obtained the FBI notification procedures that would have applied to the Russian cyberattacks during the 2016 Presidential election. The documents obtained by EPIC establish that the FBI Cyber Division is to “notify and disseminate meaningful information to victims and the CND [Computer Network…
NZ: ‘Human error’ in MSD data breach
An employment investigation is underway at the Ministry of Social Development after a review into a blunder involving client information in a controversial information-sharing programme slated the ministry for its management of that programme. The review was into an April incident where one organisation accessed an organisation’s folder on a new IT system for social…
Report: Hackers ‘aligned’ with Vietnam government attacked international firms and media
Jon Russell reports: A hacker group “aligned with Vietnamese government interests” carried out attacks on corporate companies, journalists and overseas governments over the past three years, according to a report from cyber security firm FireEye. FireEye, which works with large companies to secure their assets from cyber threats, said it has tracked at least 10 separate attacks…
UPDATE: iHealth Innovations responds to Bronx-Lebanon Hospital data security concern
Yesterday, DataBreaches.net reported on a misconfigured rsync backup that had been detected by Kromtech Security. The security firm had contacted DataBreaches.net for notification assistance on May 3 after unsuccessfully trying to notify iHealth Innovations that patient data from Bronx-Lebanon Hospital Center could be accessed and downloaded without any login required. One week later, we still do…
BEC attacks have hit thousands, top $5 billion in losses globally
It’s nice to see this site’s findings agree with government assessments of a problem. It’s also nice to see our efforts put to good use. Steve Ragan has a new piece on Salted Hash with an update on BEC attacks, including those targeting W-2 information. DataBreaches.net has already compiled more than 200 instances of W-2 BEC…