From CareFirst BlueCross BlueShield: On May 20, 2015, CareFirst BlueCross BlueShield (CareFirst) announced that the company has been the target of a sophisticated cyberattack. The attackers gained limited, unauthorized access to a single CareFirst database. This was discovered as a part of the company’s ongoing Information Technology (IT) security efforts in the wake of…
NY: Bellevue Hospital notifying 3,300 patients of breach
Jacobi Medical Center wasn’t the only hospital run by the Health & Hospitals Corporation that reported a breach on April 28. Bellevue Hospital Center also reported one: The incident in question occurred on January 15, 2015 and was discovered on February 27, 2015 when, in the course of HHC’s monitoring of outgoing emails, we identified…
Cn: Hacker jailed for linking school website to pornography pages
Ke Jiayun reports: A hacker who gained control of a middle school’s website in Chongming County and linked it to pornography pages was sentenced to 10 months in jail for illegally controlling computers, Chongming County People’s Court said today in Shanghai. The man began hacking into systems three years ago and had broken into dozens…
If the FTC comes to call
Mark Eichorn of the FTC writes: It’s a question we’re asked a lot. “What happens if I’m the target of an FTC investigation involving data security?” We understand – no one wants to get that call. But we hope we can shed some light on what a company can expect. First things first. All of…
Dentrix vulnerability still poses risk to patient data: researcher
In early 2014, and over on PHIprivacy.net, I published some posts expressing concern about a vulnerability in Dentrix software, Dentrix’s claims at the time that its G5 product incorporated “encryption,” and their subsequent decision that the firm would not individually notify all customers that what the customers had been sold as “encryption” was not encryption. Following up on the public posts,…
Chicago Public Schools breach affects 4,000 students
Melissa Sanchez reports: CPS mistakenly shared the names, home addresses, phone numbers, disability status and other personal information of 4,000 students to five vendors seeking to do business with the district. After learning of the unusual data breach, CPS officials say they took steps to remedy their actions. These include instructing the companies to dispose…