Andrea K. McDaniels reports: A doctor’s practice plan affiliated with the University of Maryland School of Medicine has notified patients that somebody hacked the account of a physician assistant’s email account that contained the personal information of patients. The orthopedics practice at The University of Maryland Faculty Physicians Inc. mailed letters to about 1,500 patients…
Search Results for: patient
Canadian plastic surgery center and spa were leaking patient files
Dr. M.W. Elmaraghy, a Canadian plastic surgeon, owns SpaSurgica, an outpatient plastic surgery clinic in Waterloo. He also owns Rejuvenate Medical Spa, which is at the same location as SpaSurgica. On December 27, Bob Diachenko of the MacKeeper Security Research team contacted DataBreaches.net to say they had discovered patient data from those two entities was exposed and that anyone could…
HHS OCR: Henrico Sen. Dunnavant’s political letter to patients broke health privacy rules, but no sanctions needed
There’s a follow-up to an HHS OCR investigation that I had noted back in October, 2015. And since we don’t see many OCR investigations reported like this one, it’s worth noting. Politicians who are also HIPAA-covered entities, in particular, may wish to take note. Graham Moomaw reports: State Sen. Siobhan S. Dunnavant, a Henrico County…
Misconfigured MongoDB database exposes sleep disorder program patients’ information
I blacked out while driving and wrecked …. So begins a message that was just one of more than 1,000 messages and more than 1,200 patient profiles exposed to the world because a sleep disorder clinic serving military personnel had a misconfigured MongoDB database that was indexed by Shodan. Thankfully, the files were still intact when MacKeeper Security Research…
Emory Healthcare patient data hijacked and held for ransom? (UPDATED)
Yesterday, I noted a somewhat alarming report that misconfigured MongoDB installations are being wiped by a hacker who steals the databases and then holds them for ransom of .2 BTC (approximately $200 at yesterday’s rate or $220 at today’s rate). This latest threat was reported yesterday by Catalin Cimpanu of Bleeping Computer after an ethical hacker, Victor Gevers, disclosed the discovery he had made as part of Project 366. On…
AL: Atmore Community Hospital fires employee who snooped on 1,000 patients’ records for more than one year
From The Atmore Advance: An Atmore Community Hospital employee was terminated for accessing the electronic record of approximately 1,000 patients without an appropriate work-related reason, according to a press release from Infirmary Health. The breach of the patients’ privacy was discovered during a routine audit on Nov. 18, Director of Marketing Lauren Giddens said in…