It appears the FTC acted on a complaint I filed with them last year concerning Henry Schein Dental’s use of the word “encryption” in their marketing and their refusal to individually notify customers that the “encryption” provided by Dentrix G5 was not NIST-grade encryption that would give them Safe Harbor under HIPAA. Background on my concerns…
Category: U.S.
Southern New Hampshire U. still investigating database leak exposing over 140,000 records
Steve Ragan reports: Southern New Hampshire University (SNHU) says they’re still investigating how a database containing some student and class information was exposed to the public. The database was discovered by researcher Chris Vickery shortly before Christmas. Vickery turned to Salted Hash for assistance in resolving the matter, as previous attempts to contact the university…
Washington Hospital Healthcare System notifies individuals of breach
Washington Township Health Care District (Washington Hospital Healthcare System) recently notified the California Attorney General’s Office of a breach. Their template of their notification letter was uploaded yesterday. The letter, signed by Kristin Ferguson,, Chief of Compliance, explains that the District learned on October 8th that an unauthorized individual may have gained access to a computer associated with…
Bucking Clapper? Massachusetts court holds patients have standing to sue based on mere exposure of data alone
In August, 2014, I noted a report involving a transcription contractor of Boston Medical Center exposing patient information on the Internet. BMC notified approximately 15,000 patients and fired MDF Transcription Services because of the incident. Of note, BMC told patients in a notification letter that it had no reason to believe their information had been misused…
OH: Regional Income Tax Agency loses DVD with personal info for 50,000 people, offers free credit monitoring
Bruce Geiselman reports: The Regional Income Tax Agency announced Dec. 31 that nearly two months earlier it lost personal data for about 50,000 people who filed tax forms with the agency. A backup DVD with the information cannot be located, according to RITA. The agency says it will provide one-year of free credit monitoring to those affected. Read…
Did a Christian right-wing organization expose private details of millions of people?
First someone left our voter registration details exposed to the world, but those were “just public records,” some argued. Now a second misconfigured database has been uncovered by Chris Vickery. This one, however, not only includes some states’ voter lists, but it also includes 19 million profiles with private information on religion, household values, gun ownership…