Dr. M.W. Elmaraghy, a Canadian plastic surgeon, owns SpaSurgica, an outpatient plastic surgery clinic in Waterloo. He also owns Rejuvenate Medical Spa, which is at the same location as SpaSurgica. On December 27, Bob Diachenko of the MacKeeper Security Research team contacted DataBreaches.net to say they had discovered patient data from those two entities was exposed and that anyone could…
Hello Kitty Database of 3.3 Million Users Surfaces
Tom Spring reports: A cache of data including 3.3 million user credentials belonging to Hello Kitty parent company Sanrio surfaced over the weekend. The breach was originally reported in December 2015, but at the time Sanrio denied any data was stolen as part of the breach. The breach was tied to a misconfigured MongoDB installation that…
Cosmetic surgery center discloses ransomware attack
The Susan M. Hughes Center is a cosmetic surgery and medical spa with locations in New Jersey and Pennsylvania. On December 27, they notified HHS of a ransomware incident affecting 11,400 patients. The following is their statement about the incident: The Susan M. Hughes Center is committed to maintaining the privacy and security of patient information we maintain. This…
Princeton University becomes victim of MongoDB ransom attacks
Princeton University became one of the more than 27,000 entities that recently had their databases wiped by attackers who claim that if victims pay ransom, they’ll get their data back. The attackers have been able to access and overwrite databases in MongoDB installations that were left open on Port 27017. With no login or authentication required, anyone can access…
HHS OCR: Henrico Sen. Dunnavant’s political letter to patients broke health privacy rules, but no sanctions needed
There’s a follow-up to an HHS OCR investigation that I had noted back in October, 2015. And since we don’t see many OCR investigations reported like this one, it’s worth noting. Politicians who are also HIPAA-covered entities, in particular, may wish to take note. Graham Moomaw reports: State Sen. Siobhan S. Dunnavant, a Henrico County…
Eastern Health Investigating Unusual Privacy Breach
It was ultimately a case of calling the wrong phone number, but due to a combination of factors, the error wasn’t realized until after some patient information had been revealed. VOCM reports: Eastern Health is investigating after VOCM Backtalk host Pete Soucy found himself in a recent comedy of errors that resulted in a privacy…