Public comments on the consent order in FTC v. Henry Schein Practice Solutions are now available. The FTC will be responding to commenters, but I wanted to note one particular point raised by commenter because I hadn’t considered it when I filed my complaint with the FTC, and I think the commenters are right. Note that I did not submit…
Category: Subcontractor
FL: Radiology Regional Center Notifies Patients After Paper Records Fell Out of Vendor’s Truck
Radiology Regional Center, PA, a physician-owned and managed diagnostic facility with nine locations in Florida, announced today that on December 19, 2015, Radiology Regional Center was informed by its records disposal vender (sic), Lee County Solid Waste Division (“Lee County”), that, on that same date, paper records containing the personal information of Radiology Regional Center’s…
22,000 dental patients’ info exposed on unsecured Eaglesoft FTP server
Eaglesoft software by Patterson Dental is a popular patient management system. But just as one security researcher had concerns about patient data security in Henry Schein’s Dentrix G5 software, he’s also had concerns about Eaglesoft, albeit for different reasons. He contacted this site on February 6 and notified CERT of his concern: Eaglesoft does seem to…
Misconfigured MongoDB installation left Microsoft careers site vulnerable to attack
Chris Vickery writes: An exposed database was serving potentially arbitrary HTML through the mobile version of Microsoft’s careers page (m.careersatmicrosoft.com). Punchkick Interactive is a mobile web development company. Microsoft relies on Punchkick to handle the database that powers m.careersatmicrosoft.com. The bad news is that, for at least the past few weeks, this backend database has…
NOT SO SECURUS: PART 2 Lawyers Speak Out About Massive Hack of Prisoners’ Phone Records
The Intercept follows up on its earlier report in which a hack of Securus revealed that 70 million phone calls had been recorded – many involving what should be privileged communications between attorneys and their clients. Jordan Smith and Micah Lee report: The Intercept’s analysis, to the contrary, estimated that the hacked data included at least…
Gyft Notifies Affected Users of Security Incident
Back in December, Brian Krebs reported: Digital gift card retailer Gyft has forced a password reset for some of its users. The move comes in response to the theft of usernames and passwords from a subset of Gyft customers. Mountain View, Calif. based Gyft lets customers buy and use gift cards entirely from their mobile…