How best to report a website data leak?
1 point • by dcassett • 6 months ago
I happened to do a Google search on someone's name and happened upon a link to a PDF containing their personal information (name / address / phone # / driver's license / insurance info) in the form of a health insurance claim. The info for this person is about 3 years old. The website itself appears to be a statewide network of healthcare providers, but the main page says that the business is now closed, and the top-level links (such as about/) return a 404. However, search engines return claim forms for individuals in various cities across the state, and these search links find PDFs that can be downloaded. I'm thinking of contacting the state attorney general first. There is also HHS.gov for filing a HIPAA complaint. Any advice would be greatly appreciated.