As regular readers know by now, DataBreaches.net compiles data from health data breaches in the U.S. for Protenus, Inc. For the past few years, Protenus published monthly statistics and analyses, but this year, shifted to a quarterly report with more analyses and some fascinating proprietary data. Here’s an example of what you’ll find in their…
Category: Health Data
Telemedicine company exposed data of more than 2 millions patients in Mexico
Another day, another exposed database due to misconfiguration of a MongoDB installation. Bob Diachenko found it and reports on it: On August 3rd, I have discovered that personal information of 2,373,764 patients from Mexico is publicly available through a misconfigured MongoDB instance. Data included such fields as: Full name and gender; CURP number (i.e. Personal…
St. Mary’s Hospital Campus in Jefferson City notifies 301,000 of limited PHI left behind in a 2014 move
And this is why I always wait to close out monthly stats in healthcare. The following incident just showed up on HHS’s public breach tool today as having been reported to them on July 30, and affecting 301,000 patients. St. Mary’s Hospital’s notice, below, indicates that the entity was not sure of the number affected. …
OpenEMR patches serious vulnerabilities uncovered by Project Insecurity
Everyone has their own definition of a good day. Mine includes preventing breaches of patient medical information. Today qualifies as a good day, thanks to Project Insecurity. OpenEMR is open source software for managing electronic medical records (EMR) and other practice management functions. According to Wikipedia, OpenEMR is one of the most popular free electronic medical…
AU: 7000 patient records from Women’s and Children’s hospital exposed online in embedded data- for 13 years
Simeon Thomas-Wilson reports: Medical records of more than 7000 people were exposed online for 13 years, forcing an urgent review by SA Health into whether there were any other breaches. Names, date of birth and test results for around 7200 pathology tests at the Women’s and Children’s Hospital from 1996 to 2005 were leaked online…
11th Circuit Decision in LabMD Case Could Have Repercussions Beyond the FTC
F. Paul Greene and Daniel J. Altieri consider the landscape after the 11th Circuit’s decision in the LabMD case, noting the state-level Unfair and Deceptive Acts and Practices (“UDAP”) laws and The Nationwide Assurance of Voluntary Compliance may become more prominent as tools for data security enforcement actions. They write, in part: The Nationwide Assurance…