Monthly Archives: June 2014

Former employee accesses nearly 100,000 patient files

June 27, 2014

A wealth of personal information for nearly 100,000 individuals has been accessed by a former employee of the New York-based NRAD Medical Associates.

The data of around 97,000 current and former patients was compromised when the radiologist accessed and lifted the information without approval. Data included names, addresses, Social Security numbers and insurance information. Sensitive medical codes were also stolen, including those related to procedures. 

Continue reading

Metropolitan Companies announces potential breach

June 26, 2014

Metropolitan Companies is currently in the process of notifying individuals of a possible data breach, one which may have left their personal information open to a third party.

The attack was identified on April 21 when Metropolitan Companies noticed an unauthorised third party had accessed computer systems, stealing documents containing the data.  The company has not yet confirmed what information has been stolen, but is required to notify potential victims.

Continue reading

Snowshoe spam attacks detected from .club domains

June 25, 2014

A significant increase in hit-and-run spam attacks (sometimes called snowshoe attacks) has been detected by the The Symantec Global Intelligence network.

Researchers from Symantec detected the attacks on 12 June as coming exclusively from .club domains. Earlier this year the Internet Corporation for Assigned Names and Numbers (ICANN) released a number of top level domains (also called GTLDs) with .club among them.

Continue reading

Breach investigation at San Diego hospital reveals human error as cause

The personal information of patients admitted to Rady Children's Hospital (RCH) in San Diego has been breached, with over 20,000 individuals affected.

Two separate emails were sent out by an employee, one with the information of 14,121 individuals and the other with the details of 6,307. Data for the 14,121 included names, dates of birth, treatment information and insurance information.

Continue reading

New cyber security research centre launched

June 21, 2014

A new cyber security research centre has been launched, one dedicated to building an understanding of cyber threats and their effects.

Launched by the Assistant Minister for Defence, Stuart Robert, the centre – based at the Australian Defence Force Academy (ADFA) – will bring cyber security researchers together to work on national, business and individual security.

Continue reading

‘Passwords for Payments’ to help small businesses

Small businesses can face insurmountable damage following payment card breaches, when customer payment information is leaked.

To counteract this, the PCI Security Standards Council is seeking 50 companies to become Passwords for Payments (P4P) ambassadors. Under the new initiative, small businesses will be educated on how to use strong passwords on point-of-sale devices and computers to reduce the risk of data breaches.

Continue reading

Employee takes data home, risks compromising patient confidentiality

June 14, 2014

Patients of a medical facility are being notified of a potential compromise in information security, due to a staff member mishandling sensitive information.

Penn State Hershey Medical Centre in the US notified 1,800 patients that their information could be at risk, as an employee had been working with data from home. In this time, the lab technician was operating outside of the secure medical centre system.

Continue reading

Highmark notifies thousands of possible breach

June 13, 2014

Healthcare company Highmark may have inadvertently leaked the personal information of around 3,675 members, due to an internal error.

A mailing error was made by a Highmark employee on April 19, who sent out health risk assessments containing personal information to the wrong members. Names, addresses, dates of birth and other assorted medical information were attached.

Continue reading