Vendor’s mistake potentially exposed “millions” of Bronx-Lebanon Hospital patients’ information; Hospital and vendor try to claim that iHealth Solutions was “hacked” by security researchers who uncovered the security problem; Hospital and vendor issue series of demands, threaten DataBreaches.net for reporting on incident; On May 3, Kromtech Security’s research team, conducting routine research, found that confidential and sensitive patient…
Category: Subcontractor
Former Government Contractor Pleads Guilty To ID Theft Scheme
A former government contractor pleaded guilty Friday to stealing the identities of numerous co-workers to make purchases at online retailers such as Amazon, Express, and Victoria’s Secret. According to the statement of facts filed with the plea agreement, Lakeisha Bradshaw, 28, of Temple Hills, Maryland, was a government contractor employed by Veteran Solutions, Inc., and was…
UPDATE: iHealth Innovations responds to Bronx-Lebanon Hospital data security concern
Yesterday, DataBreaches.net reported on a misconfigured rsync backup that had been detected by Kromtech Security. The security firm had contacted DataBreaches.net for notification assistance on May 3 after unsuccessfully trying to notify iHealth Innovations that patient data from Bronx-Lebanon Hospital Center could be accessed and downloaded without any login required. One week later, we still do…
Guardian Soulmates website suffers data breach
Zack Marzouk reports: Those looking for love on Guardian Soulmates have instead found explicit emails in their inboxes following a data breach. Guardian News & Media, parent company of the dating site, ruled out any outside hack, instead blaming it on human error by one of its third party technology providers. A spokesperson said: “We…
Hackers Find Celebrities’ Weak Links in Their Vendor Chains
Nicole Perlroth reports on how hackers go after vendors and contractors to gain access to their real targets. It’s something TheDarkOverlord emphasized repeatedly in discussing their attacks with me since last year, and Perlroth provides other examples as well: In December, hackers impersonating an executive at Interscope Records, the record label owned by Universal Music Group,…
Pentucket Medical notifies employees and patients of data security incident
Speaking of confusing incident reports, Pentucket Medical in Massachusetts reported a somewhat confusing incident to the New Hampshire Attorney General’s Office. It seems that on January 18, four boxes of mainly physician/clinician records were removed from CubeSmart Storage Facility by another client of the facility. Why that client might knowingly remove those cartons, and how…