Jeremiah Fowler reports: On July, 7th I discovered 2.5 million records that appeared to contain sensitive medical data and PII (Personally Identifiable Information). The records included names, insurance records, medical diagnosis notes, and much more. Upon further research, there were multiple references to an artificial intelligence company called Cense. The records were labeled as staging…
Category: Health Data
Woman’s shock after getting two medical files with other people’s STD results and mental health diagnosis
Ciara Phelan reports: A woman told of her shock after receiving two different medical files containing separate patients’ STI results and a mental health diagnosis. Rachel Healy, 38, from Co Cork, said she received a medical file via email on August 5 from Union Quay Medical Centre in Co Cork which was not hers. The file contained the…
Please stop hard-wiring AWS credentials in your code. Looking at you, uni COVID-19 track-and-test app makers
Thomas Claburn reports: Albion College has a plan for students to return safely to campus this fall amid the COVID-19 coronavirus pandemic. It involves being tracked by an app that, at least until a few days ago, appears to have been insecure. The Michigan institution announced its plan on July 28, which calls for testing coordinated by…
NC: Lawsuit: ‘Alarming’ data breach at Coastal Prep Academy exposed sensitive personal data
Benjamin Schachtman reports: According to a letter sent to parents by Coastal Preparatory Academy and a lawsuit filed in Superior Court, a former employee obtained extremely sensitive personal information about parents and students, including social security numbers, health and financial information, and employment records. The charter school has filed several civil actions to recover passwords,…
Report: “No Need to Hack When It’s Leaking:” GitHub Leaks of Protected Health Information
The message request showed up in my Twitter notifications: Hi There! 🙂 I see you have some experience in getting the right amount of attention for medicaid related data leaks. I have found admin credentials to some super sensitive medical billing processing system and get nothing but silence on all available contact channels and no…
Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack
Brian Krebs reports: R1 RCM Inc. [NASDAQ:RCM], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc., Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019. The company has more than 19,000 employees and contracts with at least 750 healthcare organizations nationwide. Read…