Protenus, Inc. has released its 2017 review of breaches involving health data. It is the second annual review they have published since we began collaborating on data collection and analyses. As a reminder of last year’s major findings: Protenus reported that in 2016, insider incidents constituted approximately 43% of the 450 incidents we had compiled…
Category: U.S.
Tupelo schools impacted by Questar data breach
Daily Journal reports: The Mississippi Education Department’s assessment vendor, Questar Assessment, Inc., reported today that 562 students in the Tupelo Public School District were impacted by the data breach the company discovered last week. Questar’s preliminary analysis found that an unauthorized user viewed student assessment records between Dec. 31, 2017 and Jan. 1 from Tupelo…
Private info for hundreds of Kansas voters exposed by Florida
Jonathan Shorman and Hunter Woodall report: Partial Social Security numbers for nearly 1,000 Kansas voters were released publicly by Florida after Secretary of State Kris Kobach’s office provided the data as part of a program that looks for double voter registrations. Kobach called the disclosure unfortunate but defended the program, called Crosscheck, as key to…
Infant Social Security numbers are for sale on the dark web
Selena Larson reports: Cybercriminals claim to be selling the Social Security numbers of babies on the dark web. The personal details of children — including dates of birth and mother’s maiden names — have been sought after for years. Now, researchers have found an ad on a forum for the sale of data claiming to…
Monticello Central School District notifying almost 2,600 of phishing attack last year
When I saw that Monticello Central School District in New York had submitted a breach notification to the Vermont Attorney General’s Office and it mentioned phishing, I thought we might have our very first W-2 phishing incident of 2018. But no, it seems that the school district is reporting a phishing incident that they believe…
Pedes Orange County notifying patients after doctor found accessing EMR without authorization
Pedes Orange County, Inc. in California shares their medical facility with another medical group that conducts surgical procedures. To coordinate, it seems that they share a scheduling tool with other medical professionals in their building. Somehow – and it’s not yet clear to me how this happened in terms of access controls – a physician…