如何最佳地报告网站数据泄露?
我偶然在谷歌上搜索了某个人的名字,发现了一个链接,里面有他们的个人信息(姓名/地址/电话号码/驾照/保险信息),以健康保险索赔的形式呈现。这些信息大约有三年历史。该网站似乎是一个全州范围的医疗服务提供者网络,但主页上显示该业务已经关闭,顶级链接(如关于我们等)返回404错误。然而,搜索引擎仍然返回各个城市个人的索赔表单,这些搜索链接可以找到可下载的PDF文件。我在考虑首先联系州检察长。此外,还有HHS.gov可以提交HIPAA投诉。任何建议都将非常感激。
查看原文
I happened to do a google search on someone's name and happened upon a link to a PDF containing their personal information (name / address / phone # / drivers license / insurance info) in the form of a health insurance claim. The info for this person is about 3 years old. The website itself appears to be a statewide network of healthcare providers, but the main page says that the business is now closed, and the top-level links (such as about/) return a 404. However search engines return claim forms for individuals in various cities across the state, and these search links find PDFs that can be downloaded. I'm thinking of contacting the state attorney general first. There is also HHS.gov for filing a HIPAA complaint. Any advice would be greatly appreciated.