[Dataloss] follow-up: Wuesthoff Web site security breached
lyger
lyger at attrition.org
Fri Aug 15 11:37:24 UTC 2008
(so which is it... "hackers" or little ol' Google? you decide...)
http://www.floridatoday.com/apps/pbcs.dll/article?AID=/20080815/BUSINESS/808150326/1006/NEWS01
Hackers penetrated Wuesthoff Health System's pre-registration Web site
earlier this week, gaining access to personal information on 500 patients,
including names, addresses and Social Security numbers.
Advertisement
Wuestoff officials said there were six outside "hits" Tuesday and
Wednesday to its live Web site, where patients registered ahead of time
for surgery, lab work and other services the Rockledge-based healthcare
system provides. The site was immediately shut down.
[...]
In Wuesthoff's case, Crites said the provider uses the same encryption
technology to protect online information as banks do, but installed a new
software program two weeks ago, called Google Analytics, that may have
provided a portal for unauthorized entry.
Wuesthoff implemented the program to better track consumers researching
its Web site, she said, and has never had a problem until now. The on-site
database has been in existence since 2006, she said.
"The breach of information does not appear to be a malicious entry,"
Crites said. "It was the depth and capabilities of the Google search
engine."
[...]
More information about the Dataloss
mailing list