Lynn Terry has the scoop on what appears to be a new HHS resolution agreement. There’s nothing up on HHS’s site or in my mailbox yet about this one, but I had covered the four breaches mentioned in her report as well as a more recent breach (search OHSU). Oregon Health & Science University has…
Category: Exposure
Leaky database leaves Oklahoma police, bank vulnerable to intruders
Dell Cameron reports: A leaky database has exposed the physical security of multiple Oklahoma Department of Public Safety facilities and at least one Oklahoma bank. The vulnerability—which has reportedly been fixed—was revealed on Tuesday by Chris Vickery, a MacKeeper security researcher who this year has revealed numerous data breaches affecting millions of Americans. The misconfigured…
Physician took work home, and there it stayed after his employment terminated (UPDATED)
Here’s a breach that was actually disclosed in June, but first was posted to HHS in July. Kudos to HIPAAJournal who found their statement on their website when my old eyes missed the small print. You can read HIPAAJournal’s coverage here. The following is from Midland Memorial Hospital’s statement concerning a breach that impacted 1,468 patients: MIDLAND,…
AU: Breach sees abusive dad given address to his kids
It’s these “small breaches” that are often the most worrisome, as I’ve said ad nauseum for a decade. Here’s a case where an agency screws up, and their incident response is appalling – and dare I say, negligent. Yahoo7 reports: A violent father barred from seeing his children has been handed their new address in a…
Baton Rouge police database ‘hacked’ in retaliation for killing of Alton Sterling
Patrick Howell O’Neill reports: Just days after the fatal shooting of a black man by Baton Rouge police prompted international outrage and a Justice Department investigation, the Baton Rouge city government’s servers have been “hacked” and 50,000 city police records leaked online including names, addresses, emails, and phone numbers. A hacker named @0x2Taylor claimed responsibility…
California Health Care Facility email gaffe results in notifications
California Health Care Facility, which is part of the California Department of Corrections and Rehabilitation, is notifying an unspecified number of people that their names and Social Security numbers were erroneously emailed to an unauthorized recipient in an attached document on May 2. The erroneous email was subsequently deleted from the server.