Boston Medical Center Admits Massive Data Breach

Doctors' notes containing 15,000 patients' personal information were posted online by a transcription vendor.

The Boston Globe reports that the Boston Medical Center (BMC) recently began notifying approximately 15,000 of its patients that doctors' notes containing their personal information had been posted without password protection on the Web site of a transcription service used by BMC physicians (h/t HealthITSecurity).

The data exposed on MDF Transcription Services' Web site included patients' names, addresses and medical information, including prescriptions, but did not include Social Security numbers or financial information.

"We have no evidence that any unauthorized individuals actually looked at the records," BMC chief of staff Jenni Watson told the Globe. "But we wanted to notify the patients involved."

Hitachi Unified Storage VM: Comparative Guide

Download Now

In a statement, the hospital said it immediately informed MDF and its subcontractors of the error when it was discovered on March 4, 2014.

"We take our responsibility to maintain our patients' privacy very seriously and have notified all individuals who were affected by this vendor error. ... As a result of this incident, we have terminated our relationship with MDF," the hospital added.

Source: http://www.esecurityplanet.com/network-security/boston-medical-center-admits-massive-data-breach.html

Read More

Boston Medical Center Admits Massive Data Breach

Doctors' notes containing 15,000 patients' personal information were posted online by a transcription vendor.

The Boston Globe reports that the Boston Medical Center (BMC) recently began notifying approximately 15,000 of its patients that doctors' notes containing their personal information had been posted without password protection on the Web site of a transcription service used by BMC physicians (h/t HealthITSecurity).

The data exposed on MDF Transcription Services' Web site included patients' names, addresses and medical information, including prescriptions, but did not include Social Security numbers or financial information.

"We have no evidence that any unauthorized individuals actually looked at the records," BMC chief of staff Jenni Watson told the Globe. "But we wanted to notify the patients involved."

Hitachi Unified Storage VM: Comparative Guide

Download Now

In a statement, the hospital said it immediately informed MDF and its subcontractors of the error when it was discovered on March 4, 2014.

"We take our responsibility to maintain our patients' privacy very seriously and have notified all individuals who were affected by this vendor error. ... As a result of this incident, we have terminated our relationship with MDF," the hospital added.

Source: http://www.esecurityplanet.com/network-security/boston-medical-center-admits-massive-data-breach.html

Read More

Malware Exposes Boomerang Tags Customers' Payment Card Data

Customers' names, addresses, payment card numbers, expiration dates and security codes were exposed.

Pet tag manufacturer Boomerang Tags recently began notifying an undisclosed number of customers that their personal information may have been exposed when malware was installed on the server used to host the company's Web site.

The company believes the malware compromised the payment card data (including name, addresses, payment card number, expiration date and security code) of customers who made purchases on the Web site between July 4, 2013 and February 18, 2014.

"Keeping your personal information secure is of the utmost importance to us, and we took steps to address and contain the incident the same day it was discovered," Boomerang Tags owner Don Carrick wrote in the notification letter [PDF]. "We also promptly engaged a computer forensic investigator to perform an investigation, and we have already taken measures designed to prevent this from happening again [in] the future, such as replacing our old payment processor and designing an entirely new Web site with additional security features that will be launched in the near future."

Storage Capacity and Performance Optimization Tech Talk with Mizuno USA

Download Now

While no credit protection services are being offered to those affected, all recipients of the notification letter are being advised to monitor their credit reports and credit and debit card statements for unusual activity.

Source: http://www.esecurityplanet.com/network-security/malware-exposes-boomerang-tags-customers-payment-card-data.html

Read More

Teen Charged with Hacking School Computers to Change Grades

Jose Bautista faces eight felony charges for accessing his high school's computer system.

CBS Miami reports that Jose Bautista, 18, has been arrested and charged with accessing the computer system at Miami's Dr. Michael M. Krop Senior High School in order to change his own and four other students' report cards (h/t Softpedia).

According to WSVN, Bautista was charged with four counts ofoffenses against intellectual property, public records exemption, and four counts of offenses against computer users.

All eight charges are felonies.

Hitachi Unified Storage VM: Comparative Guide

Download Now

The school's principal said Bautista gave him a written confession, and other students whose grades were altered said Bautista had approached them earlier this year and asked if they wanted their grades changed.

Bautista has been placed under house arrest with a GPS monitor.

"The school district takes incidents like this very seriously," Miami-Dade Schools said in a statement. "In addition to the arrest and ongoing criminal investigation, the Code of Student Conduct provides for corrective strategies up to and including recommendation for expulsion."

Source: http://www.esecurityplanet.com/hackers/teen-charged-with-hacking-school-computers-to-change-grades.html

Read More

Average Cost of a Data Breach Surges to $3.5 Million

Still, according to the Ponemon Institute, just 38 percent of companies surveyed have a security strategy in place to protect their IT infrastructure

According to the Ponemon Institute's ninth annual Cost of Data Breach Study, sponsored by IBM, the average consolidated cost of a data breach increased by 15 percent in the past year to reach $3.5 million.

The survey of 1,690 IT, compliance and information security practitioners at 314 companies in 10 countries also found that the average cost for each lost or stolen record containing sensitive or confidential information rose by more than nine percent to $145.

The most costly data breaches took place in the U.S. and Germany, at $201 and $195 per compromised record, respectively. The least expensive breaches were in India and Brazil at $51 and $70 per record, respectively.

Silver Peak Positioned as a Leader in 2014 Magic Quadrant for WAN Optimization

Download Now

"The goal of this research is to not just help companies understand the types of data breaches that could impact their business, but also the potential costs and how best to allocate resources to the prevention, detection and resolution of such an incident," Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement.

The greatest threats to the companies surveyed were malicious code and sustained probes -- the companies estimate that they deal with an average of 17 malicious codes and 12 sustained probes each month.

Still, only 38 percent of the companies surveyed have a security strategy in place to protect their IT infrastructure, and just 45 percent have a security strategy to protect their information assets.

Source: http://www.esecurityplanet.com/network-security/average-cost-of-a-data-breach-surges-to-3.5-million.html

Read More