For the past week, a number of us have been watching the explosive growth of attacks on misconfigured MongoDB installations. Victor Gevers of GDI Foundation and Niall Merrigan, a Norwegian developer, have been providing yeoman service investigating the problem, making notifications, and keeping us all apprised of their findings through their Twitter accounts. It all…
Search Results for: ransomware
Misconfigured MongoDB database exposes sleep disorder program patients’ information
I blacked out while driving and wrecked …. So begins a message that was just one of more than 1,000 messages and more than 1,200 patient profiles exposed to the world because a sleep disorder clinic serving military personnel had a misconfigured MongoDB database that was indexed by Shodan. Thankfully, the files were still intact when MacKeeper Security Research…
Emory Healthcare patient data hijacked and held for ransom? (UPDATED)
Yesterday, I noted a somewhat alarming report that misconfigured MongoDB installations are being wiped by a hacker who steals the databases and then holds them for ransom of .2 BTC (approximately $200 at yesterday’s rate or $220 at today’s rate). This latest threat was reported yesterday by Catalin Cimpanu of Bleeping Computer after an ethical hacker, Victor Gevers, disclosed the discovery he had made as part of Project 366. On…
The Worst Health Data Breaches in 2016
It’s relatively easy to identify which were the biggest breaches involving health data that were disclosed in 2016, but which of the hundreds of breaches disclosed were the worst ones if you look beyond the numbers? As in past years, we learned of devices with sensitive unencrypted health information being stolen from vehicles, paper records were found where they…
Georgia Tech Human Resources Notifies Employees of Data Breach
Georgia Tech reports: Georgia Tech Human Resources notified employees Thursday morning of a data breach that occurred in Tech’s systems earlier this month. On Dec. 12, a Georgia Tech employee conducted research on a trusted website that had been compromised by a malicious software known as ransomware. The ransomware infiltrated the employee’s computer, which was…
Texas firm exposed fetal and patient ultrasounds (updated)
Corpus Christi-based 4D Sound Diagnostics (3d4dinfo.com and Bump 2 Baby & Beyond) provides elective ultrasounds for women or couples who want an image of their baby. The firm, owned by technologist Michael Rodriguez and formerly based in Louisiana, also provides ultrasound services in doctors’ offices. While many of their clients appear to be in the former group (fetal ultrasounds that…