Yesterday, I noted a somewhat alarming report that misconfigured MongoDB installations are being wiped by a hacker who steals the databases and then holds them for ransom of .2 BTC (approximately $200 at yesterday’s rate or $220 at today’s rate). This latest threat was reported yesterday by Catalin Cimpanu of Bleeping Computer after an ethical hacker, Victor Gevers, disclosed the discovery he had made as part of Project 366. On…
Category: Health Data
NH DHHS commissioner apologizes to families receiving breach notifications for deceased relatives
AP reports that New Hampshire’s health commissioner is offering an extra apology as his agency deals with a data breach that led to personal information of up to 15,000 people being posted online. The extra apology follows recent media coverage describing the emotional reaction of a woman who received a letter addressed to her son…
Veterans say mail from VAC outs medical marijuana users
Andrea Gunn reports yet another incident where Canadian medical marijuana users have been outed by a mailing gaffe. Veterans across Canada are reporting a security breach involving mail sent out by Veterans Affairs Canada that lets anyone looking at the outside of the envelope know it was issued under the federal medical marijuana program. Veteran…
Pager system hack resulted in HIPAA breach for Providence Health & Services
A while back, I was shown some live-streaming of a pager system that was being used in what appeared to be a hospital environment, as the pages included room numbers, patient medication information, etc. Unable to figure out what entity or organization was responsible for the system and the exposure as pages flew by rapidly,…
AL: Atmore Community Hospital fires employee who snooped on 1,000 patients’ records for more than one year
From The Atmore Advance: An Atmore Community Hospital employee was terminated for accessing the electronic record of approximately 1,000 patients without an appropriate work-related reason, according to a press release from Infirmary Health. The breach of the patients’ privacy was discovered during a routine audit on Nov. 18, Director of Marketing Lauren Giddens said in…
Hit by ransomware, Brandywine Pediatrics recovers quickly and notifies patients
Add Delaware-based Brandywine Pediatrics, P.A. to our growing list of healthcare entities hit by ransomware. The practice notified patients on December 23 that on October 25, they had discovered that their file server was inaccessible due to a computer virus. They did not indicate what type of ransomware was involved. Brandywine reports that were able…