From the notice on their web site: March 21, 2018 – Clinical Pathology Laboratories Southeast, Inc. (“CPLSE”) has become aware of a data security incident that may have involved the personal and protected health information of its patients and their payment guarantors. On September 20, 2017, a laptop issued to a CPLSE employee was stolen….
Atlanta city government systems down due to ransomware attack [Updated]
Sean Gallagher reports: The city of Atlanta government has apparently become the victim of a ransomware attack. The city’s official Twitter account announced that the city government “is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information.” According to a report from Atlanta…
Prosecution drops five felony charges against Justin Shafer, accepts plea to one misdemeanor charge
In May 2016, the Dallas FBI raided dental integrator and independent researcher Justin Shafer because of allegations that he had accessed an FTP server without authorization. Shafer was subsequently raided twice more, and in March 2017, he was arrested and charged with stalking a federal employee – not hacking or any criminal conduct related to…
How long does it take for a MongoDB to be compromised? Hint: not very long.
Kromtech Security has done a follow-up on reports from last year about misconfigured MongoDB installations having their data deleted and replaced by “ransom” messages. The attackers were having a field day back then, but what is happening now? So Kromtech decided to employ a honeypot. It went live on March 1, 2018. And here’s what happened…
AU: Medical records exposed by flaw in Telstra Health’s Argus software
Ben Grubb reports: A flaw in medical software used by more than 40,000 Australian health specialists and distributed by Telstra has potentially exposed Australians’ medical information to hackers, who have been logging into practitioners’ computers and servers to carry out illegal activities. Read more on Sydney Morning Herald.
ID: School district reports inadvertent disclosure
This item by Dr. Michael Garrett that appeared in the Clearwater Tribune appears to concern Joint School District #171 in Idaho. At approximately 7:35 a.m. on March 19, a supervisor brought to my attention that an employee had discovered personal employee information on the district website. The information was verified in a payroll report which inadvertently…