Catalin Cimpanu reports: A security researcher has published details and proof-of-concept exploit code for a zero-day vulnerability in vBulletin, one of today’s most popular forum software. The zero-day is a bypass for a patch from a previous vBulletin zero-day — namely CVE-2019-16759, disclosed in September 2019. Read more on ZDNet. Lawrence Abrams of BleepingComputer has…
Ashley County Medical Center investigates former employee accused of violating federal privacy laws
Gabrielle Phifer reports: Ashley County Medical Center is investigating a former employee they claim inappropriately viewed medical records of 772 patients. According to a release, ACMC’s policy and procedures revealed that a former employee, who has been identified as a nurse, accessed some patient information for purposes unrelated to care and treatment. Based on investigations…
Three more medical practices hit by ransomware
Atlanta does not seem to be a safe place for cybersecurity of orthopedic patients’ data. In 2016, orthopedic clinics in Atlanta got clobbered by two big breaches involving thedarkoverlord. The first was a hack and extortion demand on Athens Orthopedic Clinic, an organization that had more than a dozen locations but somehow didn’t have enough…
Travelex Forced into Administration After Ransomware Attack
After all these years of reporting on breaches, it’s still unusual to read that a company has folded as a result of a data breach, but we live in different times because of the added burden of the pandemic. Phil Muncaster reports: Ransomware victim Travelex has been forced into administration, with over 1000 jobs set…
OH: Premier Health Partners Discloses Breach, but No Notifications to Patients Yet
Well, they know something happened, but they haven’t completed their identification of whom they need to notify yet, it seems. From a notice on Premier Health Partners‘ web site: Premier Health Partners (“Premier Health”) is providing notice of an incident that may impact the privacy of personal information for certain patients and clients of the…
Argentina exposes COVID-19 health data in error
Tim Sandle reports: Argentina’s health officials have apparently exposed personal medical data relating to some 115,000 COVID-19 quarantine exemption applicants, in what represents a major health sector data breach. […] An Elasticsearch database containing personal information of more than 115,000 Argentinians who applied for COVID-19 circulation permits was exposed on the web without a password…