I blacked out while driving and wrecked …. So begins a message that was just one of more than 1,000 messages and more than 1,200 patient profiles exposed to the world because a sleep disorder clinic serving military personnel had a misconfigured MongoDB database that was indexed by Shodan. Thankfully, the files were still intact when MacKeeper Security Research…
Category: Health Data
Emory Healthcare patient data hijacked and held for ransom? (UPDATED)
Yesterday, I noted a somewhat alarming report that misconfigured MongoDB installations are being wiped by a hacker who steals the databases and then holds them for ransom of .2 BTC (approximately $200 at yesterday’s rate or $220 at today’s rate). This latest threat was reported yesterday by Catalin Cimpanu of Bleeping Computer after an ethical hacker, Victor Gevers, disclosed the discovery he had made as part of Project 366. On…
NH DHHS commissioner apologizes to families receiving breach notifications for deceased relatives
AP reports that New Hampshire’s health commissioner is offering an extra apology as his agency deals with a data breach that led to personal information of up to 15,000 people being posted online. The extra apology follows recent media coverage describing the emotional reaction of a woman who received a letter addressed to her son…
Veterans say mail from VAC outs medical marijuana users
Andrea Gunn reports yet another incident where Canadian medical marijuana users have been outed by a mailing gaffe. Veterans across Canada are reporting a security breach involving mail sent out by Veterans Affairs Canada that lets anyone looking at the outside of the envelope know it was issued under the federal medical marijuana program. Veteran…
Pager system hack resulted in HIPAA breach for Providence Health & Services
A while back, I was shown some live-streaming of a pager system that was being used in what appeared to be a hospital environment, as the pages included room numbers, patient medication information, etc. Unable to figure out what entity or organization was responsible for the system and the exposure as pages flew by rapidly,…
AL: Atmore Community Hospital fires employee who snooped on 1,000 patients’ records for more than one year
From The Atmore Advance: An Atmore Community Hospital employee was terminated for accessing the electronic record of approximately 1,000 patients without an appropriate work-related reason, according to a press release from Infirmary Health. The breach of the patients’ privacy was discovered during a routine audit on Nov. 18, Director of Marketing Lauren Giddens said in…