EMR4all, Inc. was a California business providing free EMR software to physical therapy, speech therapy, and occupational therapy practices that used their associated patient billing service, Rehab Billing Solutions (RBS). Over the summer, they began shutting down operations and notifying their clients of their closure. Their effort to make a graceful exit wound up marred by a data…
Category: Commentaries and Analyses
Corporate Judgment Call: When to Disclose You’ve Been Hacked
Tatyana Shumsky reports: Companies are getting hacked more frequently but aren’t disclosing the incidents in their regulatory filings, a trend that worries investors. Just 95 of the nation’s roughly 9,000 publicly listed companies have informed the Securities and Exchange Commission of a data breach since January 2010, according to an analysis of their filings by…
Report: Third-Party Breaches in the Healthcare Sector Are Nothing to Sneeze At
DataBreaches.net has reported on a number of breaches in the healthcare sector this year that involved third parties, so I thought that I’d try to compile them to see how 2016 was shaping up. The resulting chronology, available in a new report co-authored with Protenus, Inc., includes more than 60 incidents involving business associates or vendors. Highlights of the…
Nearly 800,000 FTP Servers Accessible Online Without Authentication
Catalin Cimpanu reports: A recent brute-force scan of FTP servers available online via an IPv4 address revealed that 796,578 boxes can be accessed without the need for any credentials. The perpetrator of this scan is a security researcher that goes by the name of Minxomat, owner of a cyber-security firm that performs these types of…
Adventures in breach notification, Saturday edition
Someone should start a web site archiving the inappropriate responses we get when we try to notify entities that they’ve had a data breach. This would be my entry for today: I tried to alert an entity that they’d been hacked and data had been exfiltrated. It was after normal business hours, and I could find only one…
The Breach That Supposedly Isn’t a Breach
Discussing an incident disclosed by Troy Hunt this week, Jeremy Kirk reports: The handling of a recent data breach – the details of which are still unfolding – by Oakland, Calif.-based web services company Regpack provides a look into how the discovery and disclosure of a breach can turn into a real train wreck. Read…