Adnan Farooqui reports: It’s ironic when programs that are meant to protect you from attackers actually open up doors for them. One of Google’s information security engineers discovered a critical flaw in Trend Micro antivirus which would not only have allowed attackers to execute code remotely but would have even let them steal all of…
Category: Of Note
Databases with voter information and the “database of ruin”
DataBreaches.net recently reported on two inadequately secured MongoDB databases that exposed voters’ information. The public’s reaction to these two incidents illustrated how little the majority of the public knows about what’s in a voter registration list and how such records are viewed by states. But the incidents also raise important questions as to whether existing laws provide adequate protection…
OR: Companies and state agencies must notify state of breaches affecting more than 250 Oregonians
KTVZ reminds everyone that Oregon’s new law has gone into effect whereby businesses and state agencies must notify the Oregon Attorney General of breaches affecting the personal information of at least 250 Oregonians. The new law defines protected data to include any medical, health insurance or biometric information as well as Social Security numbers, government ID numbers or…
40,000 Packages of Backlogged Claims Material Discovered at Single VA Office
This is absolutely disgraceful. Morgan Chalfant reports: More than 40,000 backlogged mail packages of veterans’ disability claims material were discovered at a VA regional office in Florida, according to a new report from the VA inspector general. Investigators also found more than 1,600 boxes of unprocessed veterans’ claims material at a scanning facility with which the St….
Henry Schein settles FTC charges it misled customers about encryption of patient data
It appears the FTC acted on a complaint I filed with them last year concerning Henry Schein Dental’s use of the word “encryption” in their marketing and their refusal to individually notify customers that the “encryption” provided by Dentrix G5 was not NIST-grade encryption that would give them Safe Harbor under HIPAA. Background on my concerns…
Bucking Clapper? Massachusetts court holds patients have standing to sue based on mere exposure of data alone
In August, 2014, I noted a report involving a transcription contractor of Boston Medical Center exposing patient information on the Internet. BMC notified approximately 15,000 patients and fired MDF Transcription Services because of the incident. Of note, BMC told patients in a notification letter that it had no reason to believe their information had been misused…