Monday, December 21, 2015

Walmart Leaked Data Appearing Online

With the holiday season right around the corner we started noting post on forums with a list of usernames and passwords. We have begun notifying the end users of the leaked information to see if we can verify if they re legitimate.

Of the 5 people that responded so far 3 of the accounts were legitimate and 2 were old login details that were no longer valid so the data looks somewhat dated. We are still notifying individuals of the leaked information.

Saturday, December 5, 2015 Breached

A database containing the personal contact information at was reported today. It appears through our research that the information is legitimate.

In addition to name, phone number the breach also indicates if the employee is full or part time, departments and additional information that should not have been posted.

It's interesting watching as these organizations fall victim to SQLi attacks.

Friday, December 4, 2015

WakeMed again in the HIPAA Hot Seat

While I previously have taken down a post at the request of WakeMed I felt that I had to report this one. As reported on WRAL:

WRAL in North Carolina reports:
A Cary law firm has filed a motion against WakeMed, accusing the hospital of releasing patients’ private information, including Social Security numbers, making them susceptible to identity theft.
Cort Walker, a bankruptcy and civil business litigation attorney at Sasser Law Firm, said he noticed a problem while reviewing records WakeMed had filed to collect debts from former patients who had declared bankruptcy.
The law firm says it found 158 cases involving its clients dating back to 2013 where WakeMed violated federal bankruptcy code by including Social Security numbers, full dates of birth and medical records.
Read more on WRAL.

As they note in their report, and as noted in the motion for contempt, sanctions, and damages,  Duke University Health System had a similar situation three years ago. I had covered that breach at the time, and noted that it had been reported to HHS as a HIPAA breach. WakeMed will almost certainly report their incident to HHS, although depending on how many patients, total, have had their PHI exposed,  we may not see it in the public breach tool.

Like most HIPAA-covered entities, WakeMed has been noted on this site before. Most recently, in 2014, this site noted reports by SLC Security that WakeMed was leaking patient PHI and they had reached out to them and spoken to them, but the leaks persisted, and WakeMed did not respond to attempts by SLC Security or this site to alert them and get a response from them.  It is not known to this site whether WakeMed ever reported the alleged leaks to HHS, but there is no entry in HHS’s public breach tool.
Credit to for the heads up on this one. 
Previously we reported on a problem with communications from the EPIC system that is even more troubling. This entity continues to have issues. Maybe they should hire us to do a full assessment?

Grace Life Church Compromised appears to be distributing malware and appears to have been compromised. Login to the Threat Intelligence portal for more information.