The state’s announcement: The Office of Consumer Affairs and Business Regulation today announced the online public availability of its Data Breach Notification Archive. The Massachusetts Data Security Law (M.G.L. c.93H) requires any entity that keeps a Massachusetts resident’s personal information to notify affected residents, the Office of Consumer Affairs and Business Regulation, and the Attorney…
Category: Of Note
MongoDB Databases Held Up for Ransom by Mysterious Attacker
Catalin Cimpanu reports: An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing their content, and asking for a Bitcoin ransom to return the data. These attacks have been happening for more than a week and have hit servers all over the world. The first one to notice the attacks was…
Pager system hack resulted in HIPAA breach for Providence Health & Services
A while back, I was shown some live-streaming of a pager system that was being used in what appeared to be a hospital environment, as the pages included room numbers, patient medication information, etc. Unable to figure out what entity or organization was responsible for the system and the exposure as pages flew by rapidly,…
GRIZZLY STEPPE – Russian Malicious Cyber Activity
Joint Analysis Report Reference Number: JAR-16-20296 December 29, 2016 Summary This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence…
Family & Sports Medicine center patient records remain inaccessible three months after ransomware attack
Add Desert Care Family & Sports Medicine in Casa Grande, Arizona to the list of health facilities who suffered a ransomware attack. But what happened to them has resulted in my updating my worst breaches of 2016 list. On December 20, the center notified HHS that 500 patients were being notified that their server had…
The Worst Health Data Breaches in 2016
It’s relatively easy to identify which were the biggest breaches involving health data that were disclosed in 2016, but which of the hundreds of breaches disclosed were the worst ones if you look beyond the numbers? As in past years, we learned of devices with sensitive unencrypted health information being stolen from vehicles, paper records were found where they…