Dark Reading is part of the Informa Tech Division of Informa PLC


Comments
Healthcare Breach Exposes Nearly 4 Million Patients' Data
ANON1246035364753,
User Rank: Apprentice
11/18/2011 | 7:36:30 PM
re: Healthcare Breach Exposes Nearly 4 Million Patients' Data
FAILED!!! Why would any company house an important database on a PC that's accessible? Anybody with a half of a brain knows that a database of this importance is supposed to be housed on a server in a secured datacenter. This company must never get audited. If the database was on a PC, the timing of the theft of this PC is very fishy (inside job maybe?). My guess is that the story of being in the middle of an encryption roll-out is a cover story to soften the blow of the fact that they lost nearly 4 million patients' records. Lawsuit anybody?!?!?
Lisa Henderson,
User Rank: Apprentice
11/18/2011 | 5:06:57 PM
re: Healthcare Breach Exposes Nearly 4 Million Patients' Data
And I have two questions...has there been any fallout yet with the information that was obtained?

And I have to lock my laptop to a device on my desk if I am leaving it. Yes, have I forgotten to lock it, yes. But there are multiple steps that need to be taken, physical and technical (encryption), to help data security.

Lisa Henderson, InformationWeek Healthcare, contributing editor
moarsauce123,
User Rank: Ninja
11/18/2011 | 3:34:37 PM
re: Healthcare Breach Exposes Nearly 4 Million Patients' Data
Okay, now for the pertinent information... How do we find out if our medical providers use Sutter Physician Services?

