Boston, MA – On September 24, 2014, A laptop and a cell phone containing patient data was stolen from a Brigham and Women’s Hospital physician. Even through both devices were encrypted, the assailants forced the physician to provide the pass codes to bypass the security measures. The press release issued on November 17 by the Brigham and Women’s Hospitable indicted that 999 patients had some of the following information on the devices: names or partial names, medical record number, age, medications, or information about diagnosis and treatment. The patients received treatment at the hospitable between October 2011 and September 2014 and a small amount of the data were participants in research studies. The devices have not been recovered.
The Boston Police were notified immediately and the hospitable started an investigation and created a work group to deal with the incident. They are also reviewing policies and procedures to better counter similar incidents in the future. The hospitable is also notifying the affected patients.
A few weeks ago, there were evidence that Home Depot had a security breach when credit cards were put up for sale on a black market website. This was already covered by this blog in this post. Since then, Home Depot has not only confirmed a breach, but that it had existed from April to September 2014. The release also tells that the malware was found in American and Canadian stores installed in the self-checkout machines, and have been removed from use. There were no signs of data breaches in normal checkout machines, Mexican stores, American or Canadian online websites. Despite card information being compromised, there were no signs that PIN numbers were recorded. Home Depot has also finished installing enhanced encryption in U.S stores on September 15 and Canadian stores are expected to be finished in early 2015. The breach was closed but after 56 million cards were affected. The malware used in this breach was reported to not have been seen in other attacks, however there are signs that this breach was done by the same group of hackers responsible for Target last year. According to Krebsonsecurity.com, the thieves were stealing card information up to five days after first signs of the breach on September 2nd. As of September 22, 2014, Home Depot holds the record for the largest retail card breach. Second place goes to TJX with 45.6 million cards and third place goes to Target with 40 million.