DataBreaches.net recently reported on two inadequately secured MongoDB databases that exposed voters’ information. The public’s reaction to these two incidents illustrated how little the majority of the public knows about what’s in a voter registration list and how such records are viewed by states. But the incidents also raise important questions as to whether existing laws provide adequate protection…
Category: Of Note
OR: Companies and state agencies must notify state of breaches affecting more than 250 Oregonians
KTVZ reminds everyone that Oregon’s new law has gone into effect whereby businesses and state agencies must notify the Oregon Attorney General of breaches affecting the personal information of at least 250 Oregonians. The new law defines protected data to include any medical, health insurance or biometric information as well as Social Security numbers, government ID numbers or…
40,000 Packages of Backlogged Claims Material Discovered at Single VA Office
This is absolutely disgraceful. Morgan Chalfant reports: More than 40,000 backlogged mail packages of veterans’ disability claims material were discovered at a VA regional office in Florida, according to a new report from the VA inspector general. Investigators also found more than 1,600 boxes of unprocessed veterans’ claims material at a scanning facility with which the St….
Henry Schein settles FTC charges it misled customers about encryption of patient data
It appears the FTC acted on a complaint I filed with them last year concerning Henry Schein Dental’s use of the word “encryption” in their marketing and their refusal to individually notify customers that the “encryption” provided by Dentrix G5 was not NIST-grade encryption that would give them Safe Harbor under HIPAA. Background on my concerns…
Bucking Clapper? Massachusetts court holds patients have standing to sue based on mere exposure of data alone
In August, 2014, I noted a report involving a transcription contractor of Boston Medical Center exposing patient information on the Internet. BMC notified approximately 15,000 patients and fired MDF Transcription Services because of the incident. Of note, BMC told patients in a notification letter that it had no reason to believe their information had been misused…
Did a Christian right-wing organization expose private details of millions of people?
First someone left our voter registration details exposed to the world, but those were “just public records,” some argued. Now a second misconfigured database has been uncovered by Chris Vickery. This one, however, not only includes some states’ voter lists, but it also includes 19 million profiles with private information on religion, household values, gun ownership…