Well, from reading news coverage, I knew this was coming, but here’s the official announcement: ACTIVEOutdoors, the vendor involved in the hack of several states’ hunting and fishing license sites, will be offering two years of credit monitoring services to people in three states. Here is their announcement: ACTIVEOutdoors announced today that on August 22, 2016, it became…
Category: Subcontractor
The Mystery of the Reappearing FTP server, Part 2
Earlier this week, in the context of discussing of how old and forgotten databases can come back to bite us in costly databreaches, I reported on a somewhat bizarre situation involving files belonging to a Pennsylvania dentist. I have since obtained more information on that situation, and thought I would update you all. Let’s start…
It’s 10 pm somewhere. Do you know where your old databases are?
An old database that seems to have magically reappeared online more than a decade after it was removed reminds us of an often-overlooked risk. In January, DataBreaches.net reported that a behavior intervention therapist’s database was exposed online due to a misconfigured MongoDB installation. What struck me about the incident was that the therapist likely had no idea that a company she had…
WA: Highline Medical Center notifies 18,000 patients whose information was exposed on the Internet by third-party error
The R-C Healthcare Management error that resulted in Bon Secours notifying over 655,000 patients that their protected health information had been exposed on the Internet beginning in April also impacted CHI Franciscan Health Highline Medical Center in Washington. But unlike Bon Secours, which had a current relationship with the vendor, Highline was no longer a client at the time of…
Milwaukee VA Medical Center announces breach of veterans’ information
Network security breach with Milwaukee VA affiliate September 1, 2016 On August 22, 2016, Medical College of Wisconsin notified Milwaukee VA Medical Center of an incident compromising an MCW employee’s email address and, subsequently, private and protected health information of 21 veterans. On Aug. 29, 2016, Milwaukee VA notified 19 of the 21 veterans of…
Southwest Portland Dental notifies patients of Patterson Dental breach
There’s a somewhat interesting follow-up to a situation DataBreaches.net first reported in February. Back then, DataBreaches.net had reported that 22,000 patients from several health care providers had their PHI exposed on an FTP server that Patterson Dental used to provide support documentation for its Eaglesoft software. That report was based on information and screenshots provided by a researcher….