Earlier this week, in the context of discussing of how old and forgotten databases can come back to bite us in costly databreaches, I reported on a somewhat bizarre situation involving files belonging to a Pennsylvania dentist. I have since obtained more information on that situation, and thought I would update you all. Let’s start…
Category: Health Data
St. Francis Health System hacked: TheDarkOverlord? (UPDATE)
TheDarkOverlord, who had hacked and attempted to extort a number of medical clinics in May – June, has seemingly reappeared [see UPDATES below this post], and claims to have hacked St. Francis Health System in Oklahoma: Last week, we ransacked the web servers of Saint-Francis, a network of hospitals and clinics located in Tulsa, OK. We…
Computer Breach Could Have Exposed Trauma Victims to Further Anguish
Jim Dwyer provides additional details and commentary on a breach involving research participants’ data held by the New York State Psychiatric Institute. [The research participants] included, among others, schoolchildren directly exposed to the events of Sept. 11; Puerto Rican youth; severely emotional disturbed young people in Westchester County and their caretakers; people in the Bronx suffering…
Laptop stolen from U.S. Healthwork was encrypted, but alas, the password was with it
U.S. Healthwork has notified HHS and 1400 patients after a laptop with protected health information was stolen from an employee. Although the laptop was encrypted, the password was stolen with the laptop. Notice to our Patients Regarding a Privacy Incident U.S. HealthWorks understands the importance of protecting the security of personal information of our patients….
FTC pushes back against LabMD application for stay
The FTC has uploaded complaint counsel’s opposition to LabMD’s application for a stay of the final order in FTC v. LabMD. Did they really write that with a straight face? It was difficult to read it without alternately laughing, spluttering, or fuming. Consider the opening paragraph of complaint counsel’s opposition (I’m interspersing my reactions): Respondent has…
It’s 10 pm somewhere. Do you know where your old databases are?
An old database that seems to have magically reappeared online more than a decade after it was removed reminds us of an often-overlooked risk. In January, DataBreaches.net reported that a behavior intervention therapist’s database was exposed online due to a misconfigured MongoDB installation. What struck me about the incident was that the therapist likely had no idea that a company she had…