PST Services, a McKesson subsidiary providing medical billing services, reportedly had a breach that impacted multiple clients and left more than 10,000 patients’ information exposed via Google search for over four months. The full scope of the breach has yet to be determined. Based on HHS’s public breach tool, it appears that the breach occurred on December 1, 2013 and affected 24…
Hackers pop Brazil newspaper to root home routers
Darren Pauli reports: A popular Brazilian newspaper has been hacked by attackers who used code that attacked readers’ home routers, says researcher Fioravante Souza of web security outfit Sucuri. Attackers implanted iFrames into the website of Politica Estadao, which when loaded began brute force password guessing attacks against users. Read more on The Register.
Rob Ford tumour diagnosis: Do politicians have a right to medical privacy?
Mark Gollom reports: When Toronto Mayor Rob Ford’s doctor released the details of his abdominal tumour, it may have surprised some Canadians, not used to such medical information being revealed about one of their politicians. […] It was a rare public detailing of a Canadian politician’s medical condition. And it brought into focus the issue of how much medical privacy…
Singapore health bodies have qualified right to use personal data in health research projects without consent
From Out-Law.com: Medical research using identifiable patient data can be carried out in Singapore without individuals’ consent in certain circumstances, the country’s data protection watchdog has confirmed. The Personal Data Protection Commission has published new guidance on how Singapore’s data protection laws apply in the health sector (29-page / 144KB PDF). The guidance contains an example which…
Freenode IRC users told to change passwords after securo-breach
John Leyden reports: A security breach at popular, free and open source software-focused IRC network Freenode means users need to change their passwords. Freenode’s IRC server was compromised and passwords were likely sniffed by unidentified hackers, prompting a warning to users that they should reset their passwords as a precaution. The security breach was identified…
Tiversa, Inc.: White Knight or Hi-Tech Protection Racket?
No details have been posted yet, but the House Oversight Committee will be holding a hearing on September 17: “Tiversa, Inc.: White Knight or Hi-Tech Protection Racket?” The hearing will presumably include Tiversa’s role in obtaining and providing information to the FTC that it used in developing its complaint against LabMD. PHIprivacy.net emailed Tiversa’s CEO…