https://cybernews.com/security/new-york-charity-leaves-sensitive-patients-data-unsecured/
Exploit: Unsecured Database
The New York Foundling: Children’s Charity
Risk to Small Business: 1.662= Severe The New York Foundling, a venerable children’s charity, has had a significant data exposure. Researchers discovered an unsecured database contained more than 2,000 CSV and TXT files, each with hundreds or thousands of entries related to patients’ medical records, children’s legal guardians, case workers, doctors, and other child welfare specialists.
Individual Risk: 1.707 = Severe At least 13,000 entries on medical procedures including vaccines, diagnostic tests, patient IDs, referral details, chart notes with descriptions and patient IDs. Another 7,000 entries for patients are in the trove, including: patient names and birthdates, parent/guardian names and phone numbers and insurance or agency information. A TXT file containing SSNs and what appears to be IDs, but without names or other identifying information is in the mix. Employee information is also included with staff names, ID numbers and other details.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Making simple, avoidable blunders like this is a tragedy. Not only have many families had data exposed, but this charity hospital will also be paying huge HIPAA fines.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
