From the U.S. Department of Health and Human Services, this press release announcing that U. of Washington Medicine has settled charges it potentially violated HIPAA’s Security Rule. The investigation stemmed from an incident reported on this site in November, 2013. The University of Washington Medicine (UWM) has agreed to settle charges that it potentially violated the…
Category: Of Note
Two apps with health info found leaking: researcher. Part 2: Hzone
This is Part 2 of today’s posts reporting on apps leaking health information. The leaks were shared with DataBreaches.net by researcher Chris Vickery, and this one involves very sensitive health and medical information. Part 1 reported on iFit’s data leak. Screenshots provided to DataBreaches.net on December 8 by Vickery revealed that 4,926 user accounts from Hzone Dating App for HIV-positive…
Personal and sensitive data of 59,000 charter school students in California leaked: researcher
California Virtual Academies (CAVA) is a network of 11 publicly funded charter k-12 schools in California. Researcher Chris Vickery recently contacted DataBreaches.net after he found a database with 58,694 of their students’ records leaking. In addition to a lot of personal information on the students that was all in plain text, the leaking data included some information on student…
Small-Scale Violations of Medical Privacy Often Cause the Most Harm
Note: the following article was reported by Charles Ornstein of ProPublica, Dec. 10, 2015, 5 a.m. and is reproduced under Creative Commons license. Although Ornstein did not mention it in his reporting, the case of Tami Matteson was previously covered on this site in 2013 in a post entitled ” ‘Small’ breach, big harm.” In that article,…
Wyndham caves, settles charges with FTC (updated)
I did not see this coming. Wyndham has settled FTC charges, bringing an end to a closely watched court case involving FTC’s authority to enforce data security. The case was the first one that hadn’t resulted in a consent order. Today’s settlement leaves only the LabMD as a challenge to FTC’s authority to enforce data…
NullCrew hacker pleads guilty
Jon Seidel reports that NullCrew member Timothy J. French pleaded guilty this morning in federal court in Chicago. NullCrew’s attacks on Bell Canada, University of Virginia, Spokeo, Comcast, and other entities have been covered in the past on this site (search NullCrew), and many of NullCrew’s “Fuck the System!” newsletters and YouTube videos remain available online. During one…