A dental practice that purchased another dentist’s practice in 2012 finds itself having to notify their patients and his former patients after the theft of a server from a storage facility. In a letter to their patients and those of Dr. Justin Quinn, Dr. Justin Newberry of Napa Valley Dentistry states that on August 11, they discovered that a password-protected…
Category: Subcontractor
MA: Codman Square Health Center notifies members after breach at NEHEN
Notice of breach of unsecured health information This is a notice for patients whose information is accessible through New England Healthcare Exchange Network (NEHEN). On July 13, 2016, Codman Square Health Center was notified that a health information exchange was accessed without authorization and against Codman’s policies. The individual accessed information of many individuals that…
Report: Third-Party Breaches in the Healthcare Sector Are Nothing to Sneeze At
DataBreaches.net has reported on a number of breaches in the healthcare sector this year that involved third parties, so I thought that I’d try to compile them to see how 2016 was shaping up. The resulting chronology, available in a new report co-authored with Protenus, Inc., includes more than 60 incidents involving business associates or vendors. Highlights of the…
Vendor to offer protection to those affected by fishing and hunting licenses hack
Well, from reading news coverage, I knew this was coming, but here’s the official announcement: ACTIVEOutdoors, the vendor involved in the hack of several states’ hunting and fishing license sites, will be offering two years of credit monitoring services to people in three states. Here is their announcement: ACTIVEOutdoors announced today that on August 22, 2016, it became…
The Mystery of the Reappearing FTP server, Part 2
Earlier this week, in the context of discussing of how old and forgotten databases can come back to bite us in costly databreaches, I reported on a somewhat bizarre situation involving files belonging to a Pennsylvania dentist. I have since obtained more information on that situation, and thought I would update you all. Let’s start…
It’s 10 pm somewhere. Do you know where your old databases are?
An old database that seems to have magically reappeared online more than a decade after it was removed reminds us of an often-overlooked risk. In January, DataBreaches.net reported that a behavior intervention therapist’s database was exposed online due to a misconfigured MongoDB installation. What struck me about the incident was that the therapist likely had no idea that a company she had…