Microsoft blamed for million-plus patient record theft at US hospital giant
A former Nuance Communications employee stole personal data from over a million Geisinger patients, prompting an investigation and arrest. Microsoft is cooperating with authorities amid concerns over data security practices.
Read original article
A former employee at a Microsoft subsidiary, Nuance Communications, is accused of stealing highly personal data from over a million Geisinger patients. The breach was discovered in November, with the ex-employee accessing and copying sensitive records two days after being terminated. The stolen information includes birth dates, addresses, hospital records, and demographic data, but not financial details. Nuance conducted its investigation and estimated the theft to involve data on a million-plus individuals. Geisinger promptly informed Nuance and law enforcement, leading to the former employee's arrest and facing federal charges. Microsoft, the parent company of Nuance, is cooperating with authorities. This incident raises concerns about data security practices within Microsoft and its subsidiaries, especially in light of previous security lapses. Geisinger is working closely with authorities on the investigation, emphasizing the importance of data protection and privacy in healthcare settings.
Related
Microsoft admits no guarantee of sovereignty for UK policing data
Microsoft admits inability to guarantee UK policing data sovereignty on its public cloud, potentially breaching UK data protection laws. Concerns persist despite company's efforts to address issues, impacting all UK government users.
Snowflake breach snowballs as more victims, perps, come forward
The Snowflake data breach expands to include Ticketek, Ticketmaster, and Advance Auto Parts. ShinyHunters claim involvement, Snowflake enforces security measures. CDK faces ransomware attack, Juniper and Apple vulnerabilities identified. Jetflicks operators convicted.
Engineer insists Post Office software did a 'good job'
Former Fujitsu engineer Gareth Jenkins defended Horizon IT system's performance amid Post Office scandal. Testimony contradicts system's reliability, sparking controversy and raising questions about sub-postmasters' convictions. Ongoing investigations and public scrutiny ensue.
Rabbit data breach: all r1 responses ever given can be downloaded
A data breach at Rabbit Inc. exposed critical API keys for ElevenLabs, Azure, Yelp, and Google Maps, compromising personal information and enabling malicious actions. Rabbit Inc. has not addressed the issue, urging users to unlink Rabbithole connections.
Mitigating Skeleton Key, a new type of generative AI jailbreak technique
Microsoft has identified Skeleton Key, a new AI jailbreak technique allowing manipulation of AI models to produce unauthorized content. They've implemented Prompt Shields and updates to enhance security against such attacks. Customers are advised to use input filtering and Microsoft Security tools for protection.
7 commentsI have a bad feeling that the 2020s and 30s are going to continue revealing these lapses where they exist, and while I experience no schadenfreude at headlines like this I’m also happy these incidents are getting major attention.
> Geisinger on Monday announced the results of a probe into a November computer security breach, placing the blame on Microsoft-owned Nuance Communications for not cutting off one of its employees' access to corporate files after that person was fired.
I saw one of the letters they’ve now just started to send.
I know its popular online to complain about being cutoff from access when being let go. This might be a counterpoint to that outrage?
Related
Microsoft admits no guarantee of sovereignty for UK policing data
Microsoft admits inability to guarantee UK policing data sovereignty on its public cloud, potentially breaching UK data protection laws. Concerns persist despite company's efforts to address issues, impacting all UK government users.
Snowflake breach snowballs as more victims, perps, come forward
The Snowflake data breach expands to include Ticketek, Ticketmaster, and Advance Auto Parts. ShinyHunters claim involvement, Snowflake enforces security measures. CDK faces ransomware attack, Juniper and Apple vulnerabilities identified. Jetflicks operators convicted.
Engineer insists Post Office software did a 'good job'
Former Fujitsu engineer Gareth Jenkins defended Horizon IT system's performance amid Post Office scandal. Testimony contradicts system's reliability, sparking controversy and raising questions about sub-postmasters' convictions. Ongoing investigations and public scrutiny ensue.
Rabbit data breach: all r1 responses ever given can be downloaded
A data breach at Rabbit Inc. exposed critical API keys for ElevenLabs, Azure, Yelp, and Google Maps, compromising personal information and enabling malicious actions. Rabbit Inc. has not addressed the issue, urging users to unlink Rabbithole connections.
Mitigating Skeleton Key, a new type of generative AI jailbreak technique
Microsoft has identified Skeleton Key, a new AI jailbreak technique allowing manipulation of AI models to produce unauthorized content. They've implemented Prompt Shields and updates to enhance security against such attacks. Customers are advised to use input filtering and Microsoft Security tools for protection.