14 matches found
The Conduent breach; from 10 million to 25 million (and counting)
The Conduent breach has quietly grown into one of the biggest third‑party data incidents in US history, and the real story now is how many different programs and employers are swept up in it, even for people who have never heard of Conduent. When we first covered this incident, public filings...
RFK Jr. Orders HHS to Give Undocumented Migrants’ Medicaid Data to DHS
Plus: Spyware is found on two Italian journalists’ phones, Ukraine claims to have hacked a Russian aircraft maker, police take down major infostealer infrastructure, and more...
DOGE as a National Cyberattack
In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history--not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the...
provider.indianamedicaid.com Cross Site Scripting vulnerability OBB-3885737
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
medicaid.publicrep.org Cross Site Scripting vulnerability OBB-3827617
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
provider.indianamedicaid.com Cross Site Scripting vulnerability OBB-3383293
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
medicaid.com.au Cross Site Scripting vulnerability OBB-2834286
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Would ‘Medicare for All’ help secure health data?
DISCLAIMER: This post is not partisan, but rather focuses on risk assessment based on history and what threats we are facing in the future. We do not endorse any healthcare plan style in any way, outside of examining its data security risk. For many folks, the term ‘Healthcare for All’ brings up ...
OIG Report Finds Vulnerabilities in Medicaid Services Agency
Vulnerabilities exist in systems that belong to the Centers for Medicare & Medicaid Services, a federal agency that’s part of the United States’ Department of Health and Human Services. If exploited the bugs could result in the disclosure of personally identifiable information and the “disruption...
Utah Medicaid Hack Now Affecting Half a Million, 280K SSNs Stolen
The number of victims involved in the recent Utah Department of Health hack has climbed once again with the state health agency announcing yesterday that the breach has affected approximately 500,000 Utah residents, while an additional 280,000 residents had their Social Security numbers stolen. T...
181000 records compromised in Utah Security Breach
181000 records compromised in Utah Security Breach Utah health officials said that hackers who broke into state computers last weekend stole far more medical records than originally thought, and the data likely includes Social Security numbers of children who have received public assistance. The...
Utah Data Breach of 181,000 Records Blamed on Configuration Error
Nearly 200,000 people who receive benefits from the Medicaid and Child Health Insurance Plan in Utah have had their personal information–including Social Security numbers in some cases–compromised as part of an intrusion on the network at the Utah Department of Technology Services. The 181,000...
Electronic Health Records and Meaningful Use: Protecting Electronic Health Information
Since 2009, healthcare providers and other companies providing services to the healthcare industry have been mobilizing to take advantage of government incentives to implement Electronic Health Records or EHRs. These incentives were established by federal law as a part of the HITECH Act of 2009,...
Medicaid CIO: Security for Many Companies Is 'Embarassing'
The level of information security in systems run by some companies that want to be linked electronically with the Centers for Medicare and Medicaid Services CMS is so rudimentary that it is “almost embarrassing,” said Julie Boughn, CMS’ chief information officer. Read the full article. Federal...