May. 9th, 2017

thewayne: (Default)
According to the web site, "True Health is a privately held health services company specializing in “comprehensive testing for early detection of chronic diseases,” according to the company’s Web site."  They had a VERY serious flaw in the way their web site allowed you to display your information: your personal account was an incrementing number, and while viewing your information, you could change the number in your browser and view someone else's information.

Can you spell HIPAA violation?  I knew you could.

I can't believe someone would allow crap like this to continue in this day and age.  I remember a certain credit card company, it might have been Citi, had the exact same company upwards of a decade ago.  Completely inexcusable.  And looking at the account number of the person who tipped Brian Krebs to the problem, they have perhaps two million customers.  Not good.

The flaw has been (supposedly) fixed, they're now in the phase of trying to figure out how many people's information may have been accessed and doing notification.

https://krebsonsecurity.com/2017/05/website-flaw-let-true-health-diagnostics-users-view-all-medical-records/

July 2017

S M T W T F S
       1
23 4567 8
910 11 1213 14 15
16 17 18 19 202122
23242526272829
3031     

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jul. 22nd, 2017 12:52 pm
Powered by Dreamwidth Studios