Another Elasticsearch misconfiguration found by SecurityDiscovery. You can read about it here.
Category: U.S.
Update on American Medical Collection Agency breach: Almost 12 million Quest Diagnostic patients impacted
On May 10, DataBreaches.net broke the story of a medical collection agency breach involving American Medical Collection Agency. The breach had been discovered by Gemini Advisory, who informed this site that they had found approximately 200,000 patients’ payment card info for sale on a well-known marketplace. The cards had apparently been compromised between September, 2018…
Health Quest phishing incident in 2018 results in notification to patients, but why such a long delay?
Today’s Poughkeepsie Journal has a news story about a phishing incident that appears to have been discovered in July, 2018 that affected an unspecified number of Health Quest patients. From the available information, it sounds like Health Quest first discovered email attachments in January, 2019, and then it took them until April 2, 2019 to…
NY: Broome County security breach put employees’ and clients’ personal information at risk
Katie Sullivan Borrelli reports: Broome County says an unauthorized individual may have had access to the personal information of county employees and individuals who receive the county’s care, including their Social Security numbers, medical records and bank account information. In a news release sent on its behalf by Mullen Coughlin LLC, of Wayne, Pennsylvania, the…
MO: Data security breach affects thousands of students of Jefferson City Public Schools
A now-suspended employee of Jefferson City Public Schools transferred student files containing medical information and student identification numbers to a personal email account, the district said in a news release Wednesday. The district said it recently determined the employee transferred the files into a personal Gmail account, which is a violation of district policy. The…
Citrix Sued For Not Securing Employee Info Before Data Breach
Sergiu Gatlan reports: A class action complaint was filed by an ex-employee of Citrix for damages suffered following the security breach which allowed hackers to access Citrix’s internal assets for roughly six months and to steal sensitive personal information of both current and former employees. The plaintiff is Lindsey Howard, “a resident and citizen of…