Data Exposed Due to Security Breaches at Tridas Group LLC and South Walton Fire District

A database that contains the personally identifiable information (PII) of over 16,000 kids was exposed online and may be viewed with no password or any other type of authentication. Security researcher Jeremiah Fowler and the Website Planet team found the database and traced it to Tridas Group LLC. The group is the creator of Tridas eWriter, a cloud-based software program that enables parents and teachers to quickly accomplish interviews to assist in the diagnosis and taking care of children having behavioral and developmental problems.

Fowler tested 1,000 records and mentioned all of the records comprised at least a certain type of PII of children. Every record had a different patient ID number. The records likewise included names, dates of birth, home addresses, school attended, medical diagnoses, special needs, and particulars of social or behavioral problems. The records seemed to be questionnaires that the parents completed before their initial evaluation appointment.

Based on the website planet team report, anyone could access the database via a misconfigured IP that exposed the host domain, login site, and where the information was kept. The researchers could not know the length of time the records were exposed or whether those records contained details of behavioral issues. Based on the Trident web page, the Trident Center shut down on December 31, 2019. Read the additional information in the Website Planet report.

Ransomware Attack on South Walton Fire District Impacts Around 25,331 Persons

South Walton Fire District based in Florida has lately reported that it suffered a ransomware attack at the end of May 2022. The fire district, which offers fire protection and emergency medical services, identified on May 30 that an unauthorized third party had acquired access to its computer system. Third-party cybersecurity professionals helped the fire district to confirm that the threat actor got access to sections of the system that included data covered by HIPAA, such as names, birth dates, addresses, Social Security numbers, treatment dates, health diagnostic and treatment data, and medical insurance data.

The investigation and succeeding confirmation of contact details for impacted persons were finished in October 2022. Notification letters have already been mailed to impacted persons, who were provided free identity theft protection and credit monitoring services. The fire department affirmed that it had secured its digital system without giving ransom payment and has integrated extra levels of security to stop more incidents later on.

The breach report was submitted to the HHS’ Office for Civil Rights indicating that 25,331 persons were affected.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone