News and Updates on Information Technology

United States – The New York Foundling

Exploit: Unsecured Database
The New York Foundling: Children’s Charity

Risk to Small Business: 1.662 = Severe

The New York Foundling, a venerable children’s charity, has had a significant data exposure. Researchers discovered an unsecured database contained more than 2,000 CSV and TXT files, each with hundreds or thousands of entries related to patients’ medical records, children’s legal guardians, case workers, doctors, and other child welfare specialists.

Individual Risk: 1.707 = Severe

At least 13,000 entries on medical procedures including vaccines, diagnostic tests, patient IDs, referral details, chart notes with descriptions and patient IDs. Another 7,000 entries for patients are in the trove, including: patient names and birthdates, parent/guardian names and phone numbers and insurance or agency information. A TXT file containing SSNs and what appears to be IDs, but without names or other identifying information is in the mix. Employee information is also included with staff names, ID numbers and other details.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Making simple, avoidable blunders like this is a tragedy. Not only have many families had data exposed, but this charity hospital will also be paying huge HIPAA fines.