![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
According to the web site, "True Health is a privately held health services company specializing in “comprehensive testing for early detection of chronic diseases,” according to the company’s Web site." They had a VERY serious flaw in the way their web site allowed you to display your information: your personal account was an incrementing number, and while viewing your information, you could change the number in your browser and view someone else's information.
Can you spell HIPAA violation? I knew you could.
I can't believe someone would allow crap like this to continue in this day and age. I remember a certain credit card company, it might have been Citi, had the exact same company upwards of a decade ago. Completely inexcusable. And looking at the account number of the person who tipped Brian Krebs to the problem, they have perhaps two million customers. Not good.
The flaw has been (supposedly) fixed, they're now in the phase of trying to figure out how many people's information may have been accessed and doing notification.
https://krebsonsecurity.com/2017/05/website-flaw-let-true-health-diagnostics-users-view-all-medical-records/
Can you spell HIPAA violation? I knew you could.
I can't believe someone would allow crap like this to continue in this day and age. I remember a certain credit card company, it might have been Citi, had the exact same company upwards of a decade ago. Completely inexcusable. And looking at the account number of the person who tipped Brian Krebs to the problem, they have perhaps two million customers. Not good.
The flaw has been (supposedly) fixed, they're now in the phase of trying to figure out how many people's information may have been accessed and doing notification.
https://krebsonsecurity.com/2017/05/website-flaw-let-true-health-diagnostics-users-view-all-medical-records/
