Exposed database backups discovered and reported by researcher @JayelTee are now being reported in more mainstream news after OrthoMinds issued a press about the incident. Marianne Kolbasuk McGee reports: A vendor of cloud-based orthodontic practice software is notifying an undisclosed number of patients that their data was exposed to the internet for 10 days last…
Category: Subcontractor
Former University of Michigan Football Quarterbacks Coach and Co-Offensive Coordinator Indicted on Charges of Unauthorized Access to Computers and Aggravated Identity Theft
DETROIT – Former University of Michigan Co-Offensive Coordinator Matthew Weiss—age 42, of Ann Arbor—was charged today in a 24-count indictment alleging 14 counts of unauthorized access to computers and 10 counts of aggravated identity theft, Acting United States Attorney Julie A. Beck announced. Beck was joined in the announcement by Cheyvoryea Gibson, Special Agent in Charge,…
Extensive US public school employee data compromise reported from Carruth Compliance Consulting breach
SC Media reports: Oregon-based third-party retirement plan administrator Carruth Compliance Consulting had information from more than 40,000 public school teachers and employees in California, Illinois, New York, Oregon, and Pennsylvania exfiltrated following a December attack by the newly emergent Skira Team hacking group, which purported the theft of data from 36 public schools across the…
Imprisoned IRS Contractor Leaked Information of Over 400,000 Taxpayers
James Lynch reports: Imprisoned former IRS contractor Charles Littlejohn improperly leaked information of over 400,000 taxpayers, a far greater number than the agency previously disclosed. Acting IRS Commissioner Douglas O’Donnell wrote a letter to House Judiciary Committee Chairman Jim Jordan (R., Ohio) earlier this month notifying him that Littlejohn’s illegal disclosures impacted 405, 427 taxpayers,…
Medical Billing Vendor Sued Over Health Data Leak ‘Gold Mine’
Cassandre Coyer reports: Health-care billing company Medical Billing Specialists Inc. didn’t appropriately monitor its computer systems, failing to notice a data breach exposing swaths of its clients’ patient data, a proposed class action said. The provider didn’t follow its contractual requirements with medical providers, nor “industry standards, common law, and representations” it made about its…
Business Associate breaches account for the largest percentage of breached patient records
As time permits, DataBreaches will take a deeper look at some of the findings reported in the Bluesight 2025 Breach Barometer. This post concerns business associates. In September 2016, DataBreaches.net published its first cumulative attempt to look at business associate breaches in the healthcare sector. At the time, HHS did not have any way to…