Heather Landi reports: Hackers are using the Dark Web to buy and sell personally identifiable information (PII) stolen from healthcare organizations, and exposed databases are a vulnerable attack surface for healthcare organizations, according to a new cybersecurity research report. A research report from IntSights, “Chronic [Cyber] Pain: Exposed & Misconfigured Databases in the Healthcare Industry,”…
Category: Exposure
NJ Fines Health Insurance Provider $100K For Personal Information Breach
Kimberly Bosco reports: New York-based health insurance provider EmblemHealth, Inc. is paying the state of New Jersey a hefty fine for disclosing confidential personal information of over 6,000 New Jersey customers. Attorney General Gurbir S. Grewal and the Division of Consumer Affairs announced on Dec. 10 that EmblemHealth will pay NJ a $100,000 civil penalty….
Thielen Student Health Center accidentally leaks patient names, appointment dates
Kaitlyn Hood reports: Thielen Student Health Center (TSHC) experienced a data leak where inadvertently disclosed student information could be seen. Erin Baldwin, director of Thielen Student Health Center said on Nov. 5 the TSHC experienced a breach in their system when a coding error occurred as they put student information into a system to be…
Bethesda’s support site leaked people’s real names and addresses
Matt Cox reports: In a security breach last night (now resolved), Bethesda’s support site revealed the personal information of customers who’d submitted support tickets. The details – which included people’s names, addresses and phone numbers – mostly belonged to Fallout 76 Power Armor Edition buyers, who were after a replacement canvas bag for the nylon…
Florida contractor physicians’ group settles HHS claims after they failed to have a BA agreement in place with a vendor who had a breach
There is a follow-up to a 2014 breach reported on this site at the time. But it turns out there was an interesting twist to this case that HHS followed up. Here is their press release: Advanced Care Hospitalists PL (ACH) has agreed to pay $500,000 to the Office for Civil Rights (OCR) of the…
Jared, Kay Jewelers Parent Fixes Data Leak
Brian Krebs reports: In mid-November 2018, KrebsOnSecurity heard from a Jared customer who found something curious after receiving a receipt via email for a pair of earrings he’d just purchased as a surprise gift for his girlfriend. Dallas-based Web designer Brandon Sheehy discovered that slightly modifying the link in the confirmation email he received and…