India’s state gas company leaks millions of Aadhaar numbers

 Posted by at 8:04 am  Exposure, Government Sector, Non-U.S.
Feb 192019
 

Zack Whittaker reports:

Another security lapse has exposed millions of Aadhaar numbers.

This time, India’s state-owned gas company Indane left exposed a part of its website for dealers and distributors, even though it’s only supposed to be accessible with a valid username and password. But the part of the site was indexed in Google, allowing anyone to bypass the login page altogether and gain unfettered access to the dealer database.

The data was found by a security researcher who asked to remain anonymous for fear of retribution from the Indian authorities.

Read more on TechCrunch.

Healthcare hotline: Millions of medical advice calls exposed in Sweden

 Posted by at 7:58 am  Exposure, Health Data, Non-U.S., Of Note
Feb 192019
 

John Leyden reports:

Calls recorded by a Swedish national health service hotline were stored on an unencrypted system that was publicly accessible to anyone with an internet connection, it has emerged.

An estimated 2.7 million phone calls were discovered to have been left open by an unprotected NAS (network attached storage) system, and were accessible without a password or any authentication, according to local reports.

Wav on MP3 files were reportedly stored but are no longer available.

An estimated 170,000 hours of calls dating back to 2013 were exposed, tech title ComputerSweden reports.

Read more on The Daily Swig.

PH: Tuburan, Sotto hospital incidents: Publicizing video is the offense

 Posted by at 2:29 pm  Breach Incidents, Exposure, Health Data, Insider, Non-U.S.
Feb 172019
 

Pachico A. Seares reports:

WHEN Dr. Wyben Briones owned up the profession’s mantra of confidentiality to news reporters more than 10 years ago, the local medical community was stung with the embarrassment over the “rectum canister scandal.”

A video clip was passed from phone to phone and uploaded on YouTube, showing doctors and nurses at the operating room of Vicente Sotto Medical Center in Cebu City laughing “boisterously” as a surgeon removed a perfume canister from the rectum of a homosexual. Breach of the male patient’s privacy was clear even though his face was not shown. His plight was announced to the world as news outlets across the globe picked up the story.

Last Feb. 8, in the Tuburan, Cebu district hospital, while a patient howled, bloodied from multiple gunshots, a nurse took a video of his agony and passed on the clip to three other nurses who circulated it on social media. Another breach of the patient’s privacy, though the story had less human interest and didn’t make it to the world press.

[…]

The Tuburan hospital chief cited the Data Privacy Act of 2012 (Republic Act 10173). The law refers to disclosure in the “processing of sensitive and personal information” and the personal information includes “health and sexual life” of the patient.

But “processing” of information that doctors and nurses do rarely includes photo-taking and video recording. The Tuburan chief of hospital even said he bans phones when personnel are on duty. They don’t need to take photo or video while treating the patient. Without the images, doctors and nurses wouldn’t have to resist social media’s temptation to break one “core duty”: confidentiality.

Read more on SunStar. I’ve deleted the portion of the reporting that reveals what the consequences were to staff for these breaches.  Think about what you think the consequences should have been, and then go read the rest of the story to see what actually happened.

Personal info exposed after State of Ohio sends wrong tax forms to 9,000 people

 Posted by at 2:18 pm  Exposure, Government Sector, U.S.
Feb 172019
 

Sarah Wynn reports:

The Ohio Department of Commerce says thousands of letters were sent by the state to those who qualify for unclaimed funds, but the letters were sent to the wrong people. The letters include personal information, including names and social security numbers, according to the state.

“Due to a processing error, approximately 9,000 consumers were mailed forms that were inaccurate,” the Ohio Department of Commerce’s Division of Unclaimed funds announced in a release on Friday.

Read more on ABC6.

Piles of Southside Medical Center patients’ confidential medical records found outside the Atlanta clinic

 Posted by at 7:46 am  Exposure, Health Data, Paper, U.S.
Feb 172019
 

Michael Seiden reports:

Piles of partially burned medical records were discovered across the street from a metro Atlanta medical center, Channel 2 Action News has learned.

Southside Medical Clinic said they have no idea how the records got there.

A viewer alerted Channel 2’s Michael Seiden to the issue in a parking lot across the street from the clinic. Seiden went to an abandoned building across the street, where he found hundreds of patient documents in a dumpster and others stored outside in shipping crates.

Read more on WSBTV.

 Older Entries