On December 6, DataBreaches.net was contacted by researchers who requested help notifying two entities that they were exposing health information due to misconfigured AWS S3 buckets. They would turn out to be a delight to deal with, unlike a third entity that was also leaking information from a misconfigured S3 bucket. So let’s start with…
Category: Exposure
NYU Langone Health Notifies Patients of Improperly Disposed Binder Containing Patient Information
NYU Langone Health notified patients this week that a binder containing a log with information related to presurgical insurance authorizations from NYU Langone Health Pediatric Surgery Associates was mistakenly recycled by NYU Langone’s cleaning company on October 17, 2017. Patient social security numbers were not included and therefore are not at risk, and there is…
How Life in 123 Million American Households Was Exposed Online
Dan O’Sullivan reports: In another blow to consumer privacy, the UpGuard Cyber Risk Team can now reveal that a cloud-based data repository containing data from Alteryx, a California-based data analytics firm, was left publicly exposed, revealing massive amounts of sensitive personal information for 123 million American households. Exposed within the repository are massive data sets…
Health open data bungle meant Aussies could be identified
Note: this report out of the University of Melbourne is a follow-up study related to a breach disclosed in 2016. Allie Coyne reports: Researchers from the University of Melbourne have been able to easily re-identify patients from confidential data released by the federal Health department, without using decryption methods. Dr Chris Culnane, Dr Benjamin Rubinstein…
Ca: OIP Makes Recommendations After Library Book Returned Containing Patient Records
Joanne Francis reports: After a library book was returned to Nipawin Public Library, with records containing personal health information tucked into it’s pages, a library employee contacted Kelsey Trail Health Authority (KTHA). An employee from Nipawin Hospital retrieved the records of approximately 19 patients. Investigating it further, KTHA determined that a surgical assistant who was…
eBay Privacy Breach Exposes Customer Names on Google (Updated)
Ina Steiner reports: In what appears to be a major breach of customer privacy, eBay is exposing customers’ real first and last names, as well as the items they’ve purchased, publicly on Google. While the idea that your real name is exposed in a product review you left for a benign product like clothing or…