Security Breach

Two phishing attacks on Minnesota DHS breach 21,000 patient records

For more than a month, two separate employee accounts were compromised by the cyberattacks before the IT department discovered the hack. The first email compromise began on June 28, the second on July 9, but officials said the IT department did not discover the hack until August. The subsequent investigation could not determine whether the

[ Read More ]

Two misconfigured databases breach thousands of MedCall Advisors patient files

A researcher discovered the North Carolina-based tech vendor is leaking protected patient data through its Amazon S3 bucket twice in a month. Security researcher Britton White contacted DataBreaches.net that MedCall, a workers compensation and healthcare solutions vendor, left a storage bucket containing 10,000 files exposed to the internet, available for download and or deletion or

[ Read More ]

Facebook Can’t Reset All Breach Victims’ Access Tokens

Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims’ accounts at some third-party web services and mobile apps, and Facebook has offered no timeline for when a full lockdown might occur – although there are no signs of third-party account takeovers.

[ Read More ]

Preventing Business Associate Health Data Breaches

Because business associates have been culprits in heath data breaches impacting millions of individuals, healthcare entities need to be diligent in taking steps to reduce the persistent risks these vendors pose, says privacy and security expert Susan Lucci.”Business associates should be viewed as an extension of your workforce,” says Lucci of the consultancy tw-Security.”In other

[ Read More ]

50 Million Facebook Accounts Breached

“Attackers exploited a vulnerability in Facebook’s code that impacted ‘View As,’ a feature that lets people see what their own profile looks like to someone else,” Facebook says in a statement posted Friday. “This allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the

[ Read More ]

Health Data Breach Tally Shows Mistakes That Lead to Trouble

Recent additions to the federal health data breach tally shine a light on the mistakes that contribute to breaches – and in some cases, make situations far worse. Breaches added to the Department of Health and Human Services’ HIPAA Breach Reporting Tool website – commonly called the “wall of shame” – in recent weeks range

[ Read More ]

Employee error exposed data of 16,000 Blue Cross patients online for 3 months

An employee uploaded a file containing member information to a public-facing website in April, but officials did not discover the error until July. Philadelphia-based Independence Blue Cross is notifying 16,762 patients — about 1 percent of its members — that their data was exposed online for a number of months, due to an employee uploading

[ Read More ]

Postmortem: Multiple Failures Behind the Equifax Breach

A newly released report on the Equifax breach from the U.S. Government Accountability Office, titled “Data Protection: Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach,” provides new details into how the breach occurred and what Equifax could have done to have helped prevent or more rapidly mitigate it, centering on

[ Read More ]