Summary from the OIG: Objective The objective of this audit was to determine whether the DoD effectively controlled access to health information of well-known DoD personnel. Background The DoD maintains millions of electronic health records on its DoD beneficiaries, [REDACTED] DoD personnel who are granted access to health information to perform their official duties…
Category: Health Data
700,000 French pharmacy Covid test results left publicly available
Ellie Fullalove reports (machine translation follows): A data leak involving an online platform used to transfer data from antigen tests carried out at pharmacies to the government platform SI-DEP has made 700,000 covid test results public, along with personal information. The platform known as Francetest was alerted to the bug in its system by the…
Sturdy Hospital in Attleboro sued over data breach
George W. Rhodes reports: A class action lawsuit has been filed against Sturdy Memorial Hospital alleging it failed to properly protect personal patient information that was stolen in a ransomware attack earlier this year. […] “Defendant maintained and secured the PII (personally identifiable information) in negligent manner by failing to safeguard against ransomware attacks,” the…
VaxiCode flaw: Quebec refused to give immunity to the whistleblower
Thomas Gerbet reports (machine translation follows): Contrary to what the Minister of Digital Transformation, Eric Caire, said, the Quebec government has never offered immunity to the computer scientist who discovered the security flaw in the VaxiCode health passport application. Exchanges of emails obtained by Radio-Canada reveal the underside of this affair and show that the…
Public health, vaccination records exposed in Denton County data breach related to Microsoft Power Apps
Maggie Prosser reports: Hundreds of thousands of public health records, including COVID-19 vaccination details, were exposed in a data breach that was linked to an app that is used at Denton County vaccine clinics, officials say. A malfunction in the third-party software revealed contact and identifying information, as well as COVID-19 vaccination types and appointment…
Beaumont Health notifies patients of Accellion breach
Friday, August 27, 2021 On February 5, 2021, Goodwin Procter LLP (“Goodwin”) notified Beaumont Health (“Beaumont”) of a security incident at Accellion, a third-party vendor whose File Transfer software was used by Goodwin for large file transfers on behalf of clients, including Beaumont. Goodwin received some personal and protected health information from Beaumont in connection…