And this is why I always wait to close out monthly stats in healthcare. The following incident just showed up on HHS’s public breach tool today as having been reported to them on July 30, and affecting 301,000 patients. St. Mary’s Hospital’s notice, below, indicates that the entity was not sure of the number affected. …
Category: Exposure
Salesforce API error may have caused data leak
Tom Allen reports: Cloud computing firm Salesforce has warned customers that their information may have been shared with other customers’ accounts, due to an API error. In a security advisory, the CRM company says it became aware of the issue on the 18th July. The error impacted ‘a subset’ of Marketing Cloud customers using the…
AU: 7000 patient records from Women’s and Children’s hospital exposed online in embedded data- for 13 years
Simeon Thomas-Wilson reports: Medical records of more than 7000 people were exposed online for 13 years, forcing an urgent review by SA Health into whether there were any other breaches. Names, date of birth and test results for around 7200 pathology tests at the Women’s and Children’s Hospital from 1996 to 2005 were leaked online…
Web doc iCliniq plugs leaky S3 bucket full of medical files
Another data leak by an Indian firm, it seems. John Leyden reports on this one: Online medical consultation service iCliniq has restricted access to thousands of medical documents it left in a public AWS S3 bucket. iCliniq acted earlier this week only after the slip-up was brought to its attention by German security researcher Matthias…
Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months
Brian Krebs reports: TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018….
EXCLUSIVE: Creditmate.in developer’s goof left 19,000 consumers’ credit reports unsecured
By Dissent Doe and Lee Johnstone On July 27, an independent researcher known as “Flash Gordon” (@s7sins on Twitter) contacted DataBreaches.net and Lee Johnstone to report that during a routine keyword search on Google, he had found numerous credit reports from Indian consumers exposed. Identifying the owner of the database was not easy in this…