Donna St. George reports: A contractor working with the Montgomery County school system has informed the parents of about 340 special-education students that the children’s private data was on a computer stolen during a break-in. WestEd, a nonprofit research organization, acquired the student data from Montgomery County school officials as it conducted a review of…
Category: Subcontractor
That Radiology Regional Center vendor’s breach potentially affected almost half a million patients
When Radiology Regional Center in Florida disclosed that paper records had been lost or fallen off the truck of its vendor, Lee County Solid Waste Division, they reported that they believed that they had retrieved all the records, but they were notifying all potentially affected individuals: Radiology Regional Center has advised potentially impacted patients to (1) place a…
Commenters on Henry Schein consent order: FTC was too lenient
Public comments on the consent order in FTC v. Henry Schein Practice Solutions are now available. The FTC will be responding to commenters, but I wanted to note one particular point raised by commenter because I hadn’t considered it when I filed my complaint with the FTC, and I think the commenters are right. Note that I did not submit…
FL: Radiology Regional Center Notifies Patients After Paper Records Fell Out of Vendor’s Truck
Radiology Regional Center, PA, a physician-owned and managed diagnostic facility with nine locations in Florida, announced today that on December 19, 2015, Radiology Regional Center was informed by its records disposal vender (sic), Lee County Solid Waste Division (“Lee County”), that, on that same date, paper records containing the personal information of Radiology Regional Center’s…
22,000 dental patients’ info exposed on unsecured Eaglesoft FTP server
Eaglesoft software by Patterson Dental is a popular patient management system. But just as one security researcher had concerns about patient data security in Henry Schein’s Dentrix G5 software, he’s also had concerns about Eaglesoft, albeit for different reasons. He contacted this site on February 6 and notified CERT of his concern: Eaglesoft does seem to…
Misconfigured MongoDB installation left Microsoft careers site vulnerable to attack
Chris Vickery writes: An exposed database was serving potentially arbitrary HTML through the mobile version of Microsoft’s careers page (m.careersatmicrosoft.com). Punchkick Interactive is a mobile web development company. Microsoft relies on Punchkick to handle the database that powers m.careersatmicrosoft.com. The bad news is that, for at least the past few weeks, this backend database has…