IEEE Incident Leads Breach Roundup

Member Passwords Exposed; Hospital Employee Sentenced
IEEE Incident Leads Breach Roundup

In this week's breach roundup, the Institute of Electrical and Electronics Engineers is notifying affected members that unencrypted log files containing their user IDs and passwords were accessible on its website. Also, a former employee at Howard University Hospital has been sentenced after selling patient information.

See Also: Webinar | Passwords: Here Today, Gone Tomorrow? Be Careful What You Wish For.

IEEE Member Passwords Exposed

The Institute of Electrical and Electronics Engineers is notifying affected members that unencrypted log files containing IEEE account user IDs and passwords were accessible on its website.

"We have conducted a thorough investigation and the issue has been addressed and resolved," a statement posted on the IEEE's site explains.

The institute isn't revealing how many members were affected. But Radu Dragusin, a teaching assistant at the University of Copenhagen in Denmark who says he discovered the exposure, explains on a website set up to describe the incident that about 100,000 user IDs and plaintext passwords were publicly available on the IEEE's FTP server, "for at least one month prior to my discovery." He also claims that affected individuals include employees from Apple, Google, IBM, Oracle and Samsung, as well as NASA researchers.

Former Employee Sentenced for Selling Patient Info

A former employee at Howard University Hospital has been sentenced to six months in a halfway house and ordered to perform 100 hours of community service after selling information about 40 patients, as well as blank prescription forms, to another individual, according to the Department of Justice.

Laurie Napper, a former medical technician in the hospital's general surgery department, pled guilty in June to the wrongful disclosure of individually identifiable health information.

On at least three occasions from August 2010 through December 2011, Napper sold the patient names, addresses, dates of birth and Medicare numbers, along with blank hospital prescription forms, and received a total of about $2,100, prosecutors say.

The person who acquired the information then forged prescriptions for oxycodone, a painkiller, and used Napper's contact information at the hospital for verification.

Insurer Notifies Employees of Record Misuse

Blue Cross Blue Shield of Massachusetts is notifying an undisclosed number of current and former employees after a contracted vendor inappropriately misused employee information.

No medical information about the employees was involved, nor was any data on members, employers or health provider, the insurer said in a statement.

The health plan did not specify what kind of information was misused. But it acknowledged that it's providing the current and former employees affected free credit protection services.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.