Dave Lee reports that a simple url manipulation exposed customers’ information: A hotel booking website that was leaking large amounts of customer information is being investigated by the UK data privacy watchdog. HotelHippo.com, owned by HotelStayUK, had revealed booking information that had been a “gift for burglars”, a security expert said. The exposed data could allow the…
Consortium tests exchanging behavioral health data while maintaining privacy
Joseph Conn reports: A federally backed consortium of behavioral health providers, administrators and health information exchange experts has joined the chorus of voices addressing the vexing issue of how to pass along medical records for behavioral health patients without violating their privacy rights. The Behavioral Health Data Exchange Consortium, in a 105-page final report and…
Vermont Health accessed numerous times before breach detected – report
Jillian Kay Melchior has an update on the Vermont Health breach reported previously: A Romanian attacker hacked the Vermont health exchange’s development server last December, gaining access at least 15 times and going undetected for a month, according to records obtained by National Review Online. CGI Group, the tech firm hired to build Vermont Health…
Astros Respond After Hackers Breach Internal Database
The Houston Astros say they have been the victims of hackers who accessed their servers and published months of internal trade talks on the Internet. Read more on KWTX, who also provide a copy of the team’s statement.
TX: Metro Health laptop containing children's vaccination information stolen
Fox San Antonio reports that a laptop with up to 300 patients’ personal information was stolen last month from Metro Health [San Antonio’s Metropolitan Health District]. There does not seem to be any notice on Metro Health’s site explaining where the laptop was located at the time of the theft. WOAI reports, however, that the laptop, which contained…
Feds begin HIPAA probe in Cincinnati
Evan Schuman reports an update to a breach where a woman’s syphilis diagnosis was posted online: The U.S. Department of Health & Human Services has launched a federal probe into HIPAA privacy violations at the University of Cincinnati Medical Center, according to an HHS spokesperson. […] The investigation began last week after Healthcare IT News contacted HHS to ask…