Aug 162018

Matt Kempner reports on a developing story:

A breach of email accounts at Augusta University Health may have exposed sensitive  health and personal information of about 417,000 people, including patients around the state, the university announced Thursday.

Those at risk are primarily patients of Augusta University Health, including Augusta University Medical Center (which is the teaching hospital for the Medical College of Georgia), Children’s Hospital of Georgia and more than 80 outpatient clinics around the state, according to the university.

Read more on AJC.

Aug 162018

Erin Pearson reports:

A Melbourne private schoolboy who repeatedly broke into Apple’s secure computer systems is facing criminal charges after the technology giant called in the FBI.

The teen, who cannot be named for legal reasons, broke into Apple’s mainframe from his suburban home on multiple occasions over a year because he was such a fan of the company, according to his lawyer.

Read more on The Age.

Aug 102018

From the yeah-this-isn’t-good dept.

Caitlin Shuda reports:

A data breach exposed the names, addresses, personal information and even photographs of more than 250,000 people with information on Adams County computer systems.

Officials in a statement on Friday said they do not have evidence that personal data was stolen, but urged those affected by the breach to take steps against possible identity theft as a precaution.

But it gets a lot worse as you keep reading, because it seems that attackers accessed personal information from multiple state agencies. That information included  personal identification information, health information and tax information from multiple departments including the Veterans Service Office, Health and Human Services, Child Support and the Sheriff’s Office. And if that’s not disturbing enough, the access occurred between  between Jan. 1, 2013 and March 28, 2018.

Read more on Wisconsin Rapids Tribune.

Aug 092018

Cory Doctorow reports:

Comcast Xfininty’s login page had an easily found bug that allowed anyone to gain access to the Social Security Numbers and partial home addresses of over 26.5 million customers.

Comcast spokesapologist David McGuire says the company patched the bug quickly after being notified of its existence by security researcher Ryan Stevenson, and added that the company “take[s] our customers’ security very seriously,” adding that the company didn’t think anyone had exploited the bug.

Read more on BoingBoing.

Aug 082018

As regular readers know by now, compiles data from health data breaches in the U.S. for Protenus, Inc.  For the past few years, Protenus published monthly statistics and analyses, but this year, shifted to a quarterly report with more analyses and some fascinating proprietary data.  Here’s an example of what you’ll find in their newest report, out today:

In Q2 2018, 29.71% of privacy violations were repeat offenders. This evidence indicates health systems accumulate risk that compounds over time if proper reporting and education do not occur. On average, if an individual healthcare employee breaches patient privacy once, there is a greater than 30% chance that they will do so again in three months’ time, and a greater than 66% chance they will do so again in a years’ time.

I think you’ll find a lot of interesting findings in there to mull over.  You can access it for free (and with no registration required) on Protenus’s site.