NYC Health & Hospitals Corp. posted a notice this week (reproduced below) that suggests that a rogue employee may have been selling PHI to law firms or clinics that specialize in motor vehicle accident patients. Of note, this notice does not specify any one hospital where the employee worked. Did the employee have access to…
UK: NHS radiographer, 32, faces jail after illegally accessing more than 200 female patients’ personal records before hounding them for dates
Sophie Law reports: An NHS radiographer who illegally accessed the personal records of more than 200 female patients before pestering them for dates is facing jail. Andrew Stewart, 32, who worked at hospitals in Lanarkshire and Ayrshire, used his position to look up patient files of women he had been treating and made a note of their contact…
Cucamonga Valley Water District discloses Click2Gov breach
From the Cucamonga Valley Water District website, a Dec. 4 notification: Cucamonga Valley Water District (CVWD) was recently informed of a data breach of the Click2Gov web portal used by CVWD customers for one-time credit card payments. CVWD values its customers and respects the privacy of their information, which is why, as a precautionary measure,…
IT vendor fined after data of 47,800 students, parents and staff of Singapore schools hacked
Nicole Chang reports: IT vendor Learnaholic has been fined S$60,000 after the personal data of more than 47,000 students, parents and staff of various schools were hacked. The organisation provided services including attendance-taking and e-learning systems to schools in Singapore under a contract with the Ministry of Education. However, lapses in its security arrangements led…
Katy ISD staff info, including Social Security numbers, released
KTRK reports: Katy ISD said the birth dates and Social Security numbers of its employees were “inadvertently” released. […] According to officials, the information was sent out in response to a routine request for an employee list. Read more on ABC13. This is not the first breach involving employees’ personal information, although in a bigger…
Bug bounty firm HackerOne suffers ‘sloppy cut-and-paste’ breach
Eva Short reports: … in an ironic turn of fortunes for the firm, HackerOne has now paid out a $20,000 bounty for the identification of a bug on its own platform. The hacker in question, user ‘haxta4ok00’, had been communicating with one of HackerOne’s security analysts last month. Throughout the course of the conversation, the…