BreachExchange mailing list archives
follow-up: Wuesthoff Web site security breached
From: lyger <lyger () attrition org>
Date: Fri, 15 Aug 2008 11:37:24 +0000 (UTC)
(so which is it... "hackers" or little ol' Google? you decide...) http://www.floridatoday.com/apps/pbcs.dll/article?AID=/20080815/BUSINESS/808150326/1006/NEWS01 Hackers penetrated Wuesthoff Health System's pre-registration Web site earlier this week, gaining access to personal information on 500 patients, including names, addresses and Social Security numbers. Advertisement Wuestoff officials said there were six outside "hits" Tuesday and Wednesday to its live Web site, where patients registered ahead of time for surgery, lab work and other services the Rockledge-based healthcare system provides. The site was immediately shut down. [...] In Wuesthoff's case, Crites said the provider uses the same encryption technology to protect online information as banks do, but installed a new software program two weeks ago, called Google Analytics, that may have provided a portal for unauthorized entry. Wuesthoff implemented the program to better track consumers researching its Web site, she said, and has never had a problem until now. The on-site database has been in existence since 2006, she said. "The breach of information does not appear to be a malicious entry," Crites said. "It was the depth and capabilities of the Google search engine." [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- follow-up: Wuesthoff Web site security breached lyger (Aug 15)