Exposure

No Need to Hack When It’s Leaking, Friday Global Edition

For today’s episode of “No Need to Hack When It’s Leaking,” DataBreaches brings you three leaks involving patient/medical information: one from the U.S., one from India, and one from Australia. Tridas Center Jeremiah Fowler and the Website Planet research team discovered an unsecured database containing more than 16,000 records with personally identifiable information about...

Community Health Network notifies patients of meta pixel breach

Community Health Network in Indiana has become the latest healthcare entity to notify patients that their protected health information was transmitted via trackers on their website from Google and Meta. Their FAQ page attempts to explain it in basic English and does a good job, but there’s no getting around this: Any individual who...

NL: Land Registry data leak: Protected addresses accessible for nearly a month

NL Times reports: A data leak at the Land Registry meant that protected residential addresses were visible and accessible between September 18 and October 11, the organization that manages real estate confirmed to the Volkskrant. According to the Land Registry, the leak occurred during a recent system update, and it notified the Dutch Data Protection Authority....

CT: Brookfield admits ‘blackout pen’ error led to sharing of special education students’ information

Trevor Ballantyne reports: School officials this week acknowledged a failure to properly redact personally identifiable information linked to students receiving special education services from the school district. According to emails obtained by The News-Times, parents accused the district of violating privacy protections laid out under the U.S. Family Education Rights and Privacy Act, or...

AstraZeneca password lapse exposed patient data

Here’s today’s example of “No Need to Hack When It’s Leaking.”  Zack Whittaker reports: Pharmaceutical giant AstraZeneca has blamed “user error” for leaving a list of credentials online for more than a year that exposed access to sensitive patient data. Mossab Hussein, chief security officer at cybersecurity startup SpiderSilk, told TechCrunch that a developer left...

Healthcare provider to incarcerated people discloses breach by data security incident by claims processor

Mediko, Inc. has issued a press release concerning an unintended exposure of protected health information by their third-party claims processor, CorrectCare. According to their notice, on July 6, CorrectCare discovered that two file directories on their server had been misconfigured and were exposing files to the public. The investigation subsequently determined that the exposure...