In June, I posted an item about how BCBS of Illinois was notifying people after a vendor informed them that law enforcement had alerted them that a vendor’s employee was not a licensed physician but an identity thief. That story did not seem to get a lot of press attention, but subsequent revelations named the physician…
Category: Health Data
Dozens of Norfolk students’ private health information posted online by school system
Sara Gregory reports: School crisis plans that detail the medical issues of dozens of Norfolk students and teachers were posted online last week for anyone to access. […] Larchmont Elementary School’s plans, for instance, list a student with autism and two students with mobility issues. St. Helena Elementary School lists 27 students who have either…
TX: MedSpring Urgent Care notifies 13,000 patients after phishing attack
As Protenus’s Q-2 report for health data breaches in the U.S. indicates, phishing continues to account for a significant percentage of reported breaches. Here’s another phishing incident recently disclosed to HHS that will be in Protenus’s Q-3 report as affecting 13,034 patients: July 20, 2018 At MedSpring Urgent Care (MedSpring), we take the privacy and…
Protenus 2018 Q2 Report: 3.14M Patient Records Breached As Patients Are Increasingly Anxious About Health Data Security
As regular readers know by now, DataBreaches.net compiles data from health data breaches in the U.S. for Protenus, Inc. For the past few years, Protenus published monthly statistics and analyses, but this year, shifted to a quarterly report with more analyses and some fascinating proprietary data. Here’s an example of what you’ll find in their…
Telemedicine company exposed data of more than 2 millions patients in Mexico
Another day, another exposed database due to misconfiguration of a MongoDB installation. Bob Diachenko found it and reports on it: On August 3rd, I have discovered that personal information of 2,373,764 patients from Mexico is publicly available through a misconfigured MongoDB instance. Data included such fields as: Full name and gender; CURP number (i.e. Personal…
St. Mary’s Hospital Campus in Jefferson City notifies 301,000 of limited PHI left behind in a 2014 move
And this is why I always wait to close out monthly stats in healthcare. The following incident just showed up on HHS’s public breach tool today as having been reported to them on July 30, and affecting 301,000 patients. St. Mary’s Hospital’s notice, below, indicates that the entity was not sure of the number affected. …