Jeremiah Fowler reports on another unsecured elasticsearch database that his firm has found: On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation membership service. Upon further inspection of the data there were many references that the data allegedly belonged to Florida based SkyMed. It…
Category: U.S.
Audit: HHS Info Security Program ‘Not Effective’
Marianne Kolbasuk McGee reports: The Department of Health and Human Services’ information security program has received a “not effective” rating as a result of several weaknesses found in an annual review of compliance with the Federal Information Security Management Act of 2014. The HHS Office of Inspector General report is based on an audit conducted…
In the process of notifying patients of a web exposure breach, Inmediata experiences a mail exposure breach?!
Reading the comments under the Inmediata press release is like watching a train wreck happen right in front of you. Many people are reporting that they have received multiple notification letters from Inmediata — many with the names of people who are unknown to them and who do not live at their address. One person…
SEC Warns Advisers Over Privacy Compliance Issues
Craig A. Newman of Patterson Belknap writes: The Securities and Exchange Commission is warning investment firms to step up their game when it comes to following the agency’s privacy rules. In a Risk Alert issued by the Office of Compliance Inspections and Examinations (OCIE), a laundry list of compliance “deficiencies or weaknesses” were identified in…
Email breach exposes hospice patients
The Bulletin reports: An employee at Bend-based hospice Partners in Care was the victim of an email phishing attack that exposed the private health information of some patients. Partners In Care discovered the attack on March 4 and did an “extensive” forensic investigation and manual email review, according to a press release. The unidentified employee’s…
VA: Arlington Public Schools Informs Parents of Limited Data Breach
ARLNow reports: An “error” in the data inputted to the college readiness system used by Arlington Public Schools may have exposed the name, address, grade point average and college entrance exam scores of nearly two dozen students to an unrelated parent. Superintendent Patrick Murphy was sending a message, below, to all secondary (grades 6-12) families Friday morning informing…