TRENDING:

IEEE Incident Leads Breach Roundup

Member Passwords Exposed; Hospital Employee Sentenced Jeffrey Roman (gen_sec) • September 26, 2012    
IEEE Incident Leads Breach Roundup

In this week's breach roundup, the Institute of Electrical and Electronics Engineers is notifying affected members that unencrypted log files containing their user IDs and passwords were accessible on its website. Also, a former employee at Howard University Hospital has been sentenced after selling patient information.

See Also: Are You APT-Ready? The Role of Breach and Attack Simulation

IEEE Member Passwords Exposed

The Institute of Electrical and Electronics Engineers is notifying affected members that unencrypted log files containing IEEE account user IDs and passwords were accessible on its website.

"We have conducted a thorough investigation and the issue has been addressed and resolved," a statement posted on the IEEE's site explains.

The institute isn't revealing how many members were affected. But Radu Dragusin, a teaching assistant at the University of Copenhagen in Denmark who says he discovered the exposure, explains on a website set up to describe the incident that about 100,000 user IDs and plaintext passwords were publicly available on the IEEE's FTP server, "for at least one month prior to my discovery." He also claims that affected individuals include employees from Apple, Google, IBM, Oracle and Samsung, as well as NASA researchers.

Former Employee Sentenced for Selling Patient Info

A former employee at Howard University Hospital has been sentenced to six months in a halfway house and ordered to perform 100 hours of community service after selling information about 40 patients, as well as blank prescription forms, to another individual, according to the Department of Justice.

Laurie Napper, a former medical technician in the hospital's general surgery department, pled guilty in June to the wrongful disclosure of individually identifiable health information.

On at least three occasions from August 2010 through December 2011, Napper sold the patient names, addresses, dates of birth and Medicare numbers, along with blank hospital prescription forms, and received a total of about $2,100, prosecutors say.

The person who acquired the information then forged prescriptions for oxycodone, a painkiller, and used Napper's contact information at the hospital for verification.

Insurer Notifies Employees of Record Misuse

Blue Cross Blue Shield of Massachusetts is notifying an undisclosed number of current and former employees after a contracted vendor inappropriately misused employee information.

No medical information about the employees was involved, nor was any data on members, employers or health provider, the insurer said in a statement.

The health plan did not specify what kind of information was misused. But it acknowledged that it's providing the current and former employees affected free credit protection services.

Previous
High Risk: What Alert Means to Banks
Next
More U.S. Banks Report Online Woes

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.