Stanford takes another security hit: second breach in one year

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.cmio.net/index.php?option=com_articles&view=article&id=34773:stanford-takes-another-security-hit-second-breach-in-one-year

By Beth Walsh
CMIO.net
August 6, 2012

Less than a year after it was discovered that almost 20,000 patient names 
and diagnoses were published on a public website where they remained for a 
full year, Stanford Hospitals & Clinics and the School of Medicine has 
suffered another data breach. A password-protected computer was stolen 
from a physician's locked office.

The breach occurred on July 15 or 16, and the organization is in the 
process of notifying 2,500 affected patients, according to a statement. 
Compromised information included names, location of service and medical 
records; some treatment histories and dates of birth or ages; and a 
?small? amount of Social Security numbers. The university is offering paid 
identity protection services and said it has tightened security.

The stolen computer has tracking software that enables the university to 
know if it has been connected to the internet and its location, but the 
computer has not yet been detected. Police are investigating.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.