Another enforcement action by HHS/OCR was announced today. This settlement involving Upper San Juan Health Service District (d/b/a Pagosa Springs Medical Center) is not an incident that I have been able to locate on HHS’s public breach tool or in this site’s records. According to the resolution agreement, the HHS investigation was opened in 2013. No,…
Over 40,000 credentials for government portals found online
Catalin Cimpanu reports: A Russian cyber-security firm says it discovered login credentials for more than 40,000 accounts on government portals in more than 30 countries. The data includes usernames and cleartext passwords, and the company believes they might be up for sale on underground hacker forums. Alexandr Kalinin, head of Group-IB’s Computer Emergency Response Team…
Data Breach at Florida Dispensary Highlights Vulnerabilities
Lukas Barfield reports: Last week, a Florida medical cannabis dispensary took their website offline after it was found that patient information was obtainable through the site’s basic search function. Sarasota-based AltMed is a licensed Medical Marijuana Treatment Center (MMTC) that also goes by the name MÜV. AltMed responded quickly by taking their website offline after…
UK: NHS to ban fax machines from 2020
From the This-Is-A-Good-Move dept., The Independent reports: Fax machines will be banned across the NHS in a bid to improve patient safety and cyber security. The outdated technology will be phased out by 31 March 2020 under plans announced by health secretary Matt Hancock. NHS organisations will be required to use modern communication methods instead, such as secure…
Ditch Google+ now.
David Thacker of G Suite writes that Google is abandoning Google+ even sooner than it had originally planned. A recent bug affecting more than 50 million users seemed to be the death knell for the product. In October, we announced that we’d be sunsetting the consumer version of Google+ and its APIs because of the significant challenges…
Report: 30 Percent of Healthcare Databases Exposed Online
Heather Landi reports: Hackers are using the Dark Web to buy and sell personally identifiable information (PII) stolen from healthcare organizations, and exposed databases are a vulnerable attack surface for healthcare organizations, according to a new cybersecurity research report. A research report from IntSights, “Chronic [Cyber] Pain: Exposed & Misconfigured Databases in the Healthcare Industry,”…