BreachExchange mailing list archives
Hacker May Have Accessed DHH Database
From: Christine Fulgham <christine () opensecurityfoundation org>
Date: Wed, 10 Nov 2010 16:46:00 -0500
http://www.2theadvocate.com/news/105946193.html Some 56,000 emergency medical technicians were advised this week that a hacker may have gained access to personal information about them contained in a state licensing database. The state Department of Health and Hospitals sent letters to the emergency medical technicians, notifying them of the incident that occurred Sept. 17. “The Federal Trade Commission recommends that consumers whose personal information may have been compromised take steps to detect or prevent its misuse,” the letter advised. It also directed readers to the Federal Trade Commission website for guidance. Department of Health and Hospitals spokeswoman Lisa Faust said Bureau of Emergency Medical Services personnel discovered the database breach. The unauthorized entry gave the hacker access to an individual’s name and personal information, including Social Security numbers. “What we don’t know is whether the hacker was able to access any information,” Faust said. A computer screen displayed the message “You have been hacked,” Faust said. “Since we don’t know one way or the other we sent notices out to 56,000 people that there’s a potential that the information was compromised.” “Although we have no indication that information was actually released, we know that it was accessed,” Tony Keck, DHH’s deputy secretary, said Wednesday. Both the East Baton Rouge Parish Sheriff’s Office and the Louisiana Attorney General’s Office are investigating, Keck said. The people in the database are individuals applying for classes or certifying as first responders or EMTs in the state of Louisiana. Anyone who has applied for a refresher class, state reciprocity or to take an EMT class is listed on the site. The list includes high school seniors who are in EMS-related programs through the education department. The letter to EMTs and first responders said because instructors and other authorized people throughout the state use the database, the portal is Internet accessible. The letter to EMTs said the agency has taken steps to prevent a computer breach in the future, including strengthened password requirements and other security measures to prevent unauthorized access. Faust said the delay in notifying the EMTs came because the agency had to find the money to cover the cost of printing the letters and stamps. “It was an unusual circumstance,” she sa
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Hacker may have accessed DHH database Christine Fulgham (Nov 07)
- Re: [Dataloss] Hacker may have accessed DHH database Jeffrey Walton (Nov 16)
- <Possible follow-ups>
- Hacker May Have Accessed DHH Database Christine Fulgham (Nov 16)