May. 9th, 2017

thewayne: (Default)
According to the web site, "True Health is a privately held health services company specializing in “comprehensive testing for early detection of chronic diseases,” according to the company’s Web site."  They had a VERY serious flaw in the way their web site allowed you to display your information: your personal account was an incrementing number, and while viewing your information, you could change the number in your browser and view someone else's information.

Can you spell HIPAA violation?  I knew you could.

I can't believe someone would allow crap like this to continue in this day and age.  I remember a certain credit card company, it might have been Citi, had the exact same company upwards of a decade ago.  Completely inexcusable.  And looking at the account number of the person who tipped Brian Krebs to the problem, they have perhaps two million customers.  Not good.

The flaw has been (supposedly) fixed, they're now in the phase of trying to figure out how many people's information may have been accessed and doing notification.

https://krebsonsecurity.com/2017/05/website-flaw-let-true-health-diagnostics-users-view-all-medical-records/

September 2017

S M T W T F S
     12
3 4 5678 9
101112 1314 15 16
1718 19 20212223
24252627282930

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Sep. 22nd, 2017 01:35 pm
Powered by Dreamwidth Studios