Half the Population of France Affected by Data Breaches at Healthcare Payment Processors

The French Data Protection Agency, CNIL, is investigating two data breaches at healthcare payment processors that have affected around 33 million individuals –almost half the population of the country.  Viamedis and Almerys provide technological solutions for managing third-party payments for many health insurance and mutual insurance providers. The solutions provided by the firms streamline payments in France’s complex insurance...

Read More
The Mother of All Breaches: Exposed Database Contains 26 Billion Records
Jan23

The Mother of All Breaches: Exposed Database Contains 26 Billion Records

Cybersecurity researcher Bob Diachenko of Security Discovery and the team at CyberNews have uncovered what is thought to be the largest-ever collection of stolen data, consisting of more than 26 billion records. The database they identified on an open storage instance contains an astonishing 12 TB of data, and while there are likely to be duplicates in the database it is still thought to be the biggest collection of stolen data ever...

Read More

23andMe Confirms Hacker Stole Data of 6.9 Million Users

On Friday, the direct-to-consumer genetic testing company, 23andMe, confirmed that hackers gained access to the personal information of approximately 6.9 million customers in an October 2023 cyberattack. The incident came to light when a hacker posted on an online forum claiming they had obtained the profile information of millions of users and offered the data for sale. 23andMe investigated to determine the validity of the claims and...

Read More
Ardent Health System Ransomware Attack Affects Hospitals in Multiple States
Nov29

Ardent Health System Ransomware Attack Affects Hospitals in Multiple States

A U.S. healthcare provider that operates hospitals in 6 states suffered a ransomware attack that has caused outages at several of its hospitals. Ardent Health Services said it first identified an intrusion on the morning of November 23, 2023, and launched an investigation that later revealed it was a ransomware attack. On Thanksgiving Day, several of the hospitals in its network reported network outages. Without access to critical IT...

Read More
COO of Cybersecurity Company Pleads Guilty to Attack on Georgia Hospitals to Drum up Business
Nov21

COO of Cybersecurity Company Pleads Guilty to Attack on Georgia Hospitals to Drum up Business

The former chief operating officer (COO) of a cybersecurity firm who hacked two hospitals in an attempt to win business has changed his plea to guilty in an attempt to avoid a lengthy jail term. On September 27, 2018, two hospitals that are part of Gwinnett Medical Center (GMC) in Georgia suffered cyberattacks that disrupted their phone systems and printers. Access was gained to the phone system and a command was sent that disabled...

Read More
CISA Publishes Healthcare Cybersecurity Mitigation Guide
Nov20

CISA Publishes Healthcare Cybersecurity Mitigation Guide

In New York state, the healthcare industry was the most targeted critical infrastructure sector in 2022 and attacks in the first half of 2023 have more than doubled. The HHS’ Office for Civil Rights reports that hacking incidents now account for 77% of all healthcare data breaches of 500 or more records nationwide and there has been a 278% increase in ransomware attacks in the past 4 years. So far in 2023, more than 102 million...

Read More
Canadian Pregnancy and Newborn Care Agency Reports 3.4 Million-Record MOVEit Data Breach
Sep26

Canadian Pregnancy and Newborn Care Agency Reports 3.4 Million-Record MOVEit Data Breach

BORN (Better Outcomes Registry & Network) in Canada has recently confirmed that the personal and health information of 3.4 million patients was stolen by the Clop ransomware group in an attack that exploited a zero-day vulnerability (CVE-2023-34362) in Progress Software’s MOVEit Transfer file transfer solution in late May 2023. BORN is a Ministry of Health-funded agency that collects data on pregnancies and births in Ontario and...

Read More
HHS Data, Hackers and Medical Records
Aug28

HHS Data, Hackers and Medical Records

HHS data relating to hackers and medical records is not always the best source of information on which to base decisions about how to assign security resources. However, proposals for Cyber Incident Reporting for the Critical Infrastructure Act (CIRCIA) could significantly improve the quality of data available to security professionals in the healthcare industry. Why the concern about hackers and medical records? How many medical...

Read More
4 Million Colorado Residents Have Health Data Stoen in MOVEit Hack
Aug15

4 Million Colorado Residents Have Health Data Stoen in MOVEit Hack

The Colorado Department of Health Care Policy & Financing (HCPF), which administers the Colorado Medicaid program, Child Health Plan Plus, and other health care programs, has recently announced a data breach involving the records of up to 4,091,794 individuals. On May 31, 2023, Progress Software identified a zero day vulnerability in its MOVEit Transfer file transfer solution that had been exploited by the Clop ransomware group to...

Read More
Major HCA Healthcare Data Breach Affects 11 Million Patients
Jul12

Major HCA Healthcare Data Breach Affects 11 Million Patients

A major HCA Healthcare data breach has been reported this week after the discovery that a hacker stole the data of an estimated 11 million patients, then offered the data for sale when HCA Healthcare failed to meet the hacker’s demands. HCA Healthcare is one of the largest health systems in the United States, operating 182 hospitals and more than 2,300 care sites. HCA Healthcare announced the data breach on July 10, 2023, on the...

Read More
Harvard Pilgrim Health Care: 2.5 Million Members Affected by Ransomware Attack
Jun02

Harvard Pilgrim Health Care: 2.5 Million Members Affected by Ransomware Attack

Harvard Pilgrim Health Care, a Canton, Massachusetts-based nonprofit health services provider, has confirmed that it was the victim of a ransomware attack in April 2023. The threat actor behind the attack stole sensitive data from its systems, including the personal and HIPAA-protected information of 2,550,922 individuals. The forensic investigation confirmed that the hackers first gained access to its systems on March 28, 2023, and...

Read More
MCNA Dental Reports 8.9 Million Record Data Breach
May30

MCNA Dental Reports 8.9 Million Record Data Breach

The LockBit ransomware group has claimed responsibility for an attack on MCNA Dental, one of the largest Medicaid and CHIP dental care and oral health insurance providers in the United States. More than 8.9 million individuals have been affected and had their sensitive data stolen. The LockBit gang issued a ransom demand of $10 million to prevent the release of the stolen data, then proceeded to leak the data when the ransom was not...

Read More
FTC Proposes Multi-Million-Dollar Penalty for BetterHelp to Resolve Consumer Privacy Violations
Mar06

FTC Proposes Multi-Million-Dollar Penalty for BetterHelp to Resolve Consumer Privacy Violations

The Federal Trade Commission (FTC) has announced another enforcement action stemming from the disclosure of consumers’ sensitive health information to marketing companies for advertising purposes. The FTC has proposed a $7.8 million financial penalty to resolve alleged violations of the FTC Act by BetterHelp, a California-based provider of online counseling services. BetterHelp offers consumers counseling services under a range...

Read More
HIPAA Security Rule Failures Land Banner Health with $1.25M Financial Penalty
Feb07

HIPAA Security Rule Failures Land Banner Health with $1.25M Financial Penalty

Banner Health has agreed to settle alleged violations of the HIPAA Security Rule with the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) and will pay a $1.25 million financial penalty. Banner Health will also adopt a corrective action plan to ensure full compliance with the HIPAA Security Rule and will be monitored by OCR for two years. The OCR investigation into HIPAA Security Rule compliance was...

Read More
LockBit Ransomware Gang Apologizes for Attack on Canadian Children’s Hospital
Jan03

LockBit Ransomware Gang Apologizes for Attack on Canadian Children’s Hospital

An affiliate of the LockBit ransomware gang recently conducted an attack on the Hospital for Sick Children (SickKids) in Toronto, Canada. The attack occurred on December 18, 2022, and files were encrypted on multiple systems, including its internal and corporate systems, the phone system, and website, although patient medical records were reportedly not affected. As is often the case with ransomware attacks on hospitals, systems are...

Read More

270,000 Patients Affected by Louisiana Hospital Cyberattack

Lake Charles Memorial Health System has confirmed that the sensitive information of almost 270,000 patients was compromised in an October 2022 cyberattack. The attack was detected by the health system’s security team on October 21, 2022, with the internal investigation concluding on October 25, 2022, that hackers had gained access to its network and exfiltrated files containing patient data. A website notice states that notification...

Read More
Ransomware Attack on HSE in Ireland Has Cost More Than €80 Million
Dec14

Ransomware Attack on HSE in Ireland Has Cost More Than €80 Million

In 2021, the Conti ransomware gang conducted a ransomware attack on the Health Services Executive (HSE) in Ireland. Approximately 98,000 patients and 18,200 members of staff potentially had their personal information stolen in the data breach, and more than a year on, notification letters are still being issued to those individuals. Like many ransomware attacks, it started with a phishing email. In this case, the email had a Microsoft...

Read More
Medibank Refuses to Pay Ransomware Gang to Prevent Release of Customer Data
Nov08

Medibank Refuses to Pay Ransomware Gang to Prevent Release of Customer Data

In October, Medibank, one of the largest private health insurers in Australia, suffered a ransomware attack that involved the theft of the data of almost 10 million customers. The group behind the attack is thought by some security researchers to be the notorious REvil ransomware gang. The new operation is known as BlogXX, after the name of the website used by the group. In conversations with victims, the group calls itself Sodinokibi...

Read More
Information of up to 3 Million Advocate Aurora Health Patients Impermissibly Disclosed to Meta and Others
Oct20

Information of up to 3 Million Advocate Aurora Health Patients Impermissibly Disclosed to Meta and Others

Advocate Aurora Health has recently announced that patient data has been impermissibly disclosed to Meta/Facebook and Google as a result of the use of third-party tracking code snippets on its websites and web applications. The breach has affected up to 3 million patients, making it the largest breach to be reported by a single healthcare provider this year. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule...

Read More
U.S. Healthcare Provider Confirms Unauthorized Disclosure of 1.36 Million Patient Records to Meta
Aug23

U.S. Healthcare Provider Confirms Unauthorized Disclosure of 1.36 Million Patient Records to Meta

A healthcare provider has confirmed the impermissible disclosure of patient information to Meta through the misconfiguration of Meta Pixel tracking code on its website. Earlier this year, The Markup published a report on an investigation into the use of Meta Pixel tracking code on the websites of hospitals. Meta Pixel is used to track user activity on websites and advertising performance; however, the data collected through Meta Pixel...

Read More
PFC USA Data Breaches Affects Almost 660 Healthcare Provider Clients
Jul06

PFC USA Data Breaches Affects Almost 660 Healthcare Provider Clients

Professional Finance Company Inc., (PFC) one of the largest accounts receivable management agencies in the United States, has announced that it was the victim of a ransomware attack in February 2022. While the intrusion was detected promptly and was blocked on February 26, 2022, the forensic investigation confirmed that the attackers accessed files on its network, which included the personal information of individuals that had been...

Read More
Medical Data of 2 Million Individuals Stolen in Shields Health Care Group Cyberattack
Jun08

Medical Data of 2 Million Individuals Stolen in Shields Health Care Group Cyberattack

The personal and healthcare data of up to 2 million patients has been compromised in a hacking incident at Shields Health Care Group. Shields Health Care Group provides MRI, PET/CT, ASC, radiation oncology and medical imaging services on behalf of healthcare providers, and operates more than 40 facilities in Massachusetts, Maine, and New Hampshire. At present, the exact nature of the cyberattack has not been made public, but Shields...

Read More
American Dental Association Suffers Suspected Ransomware Attack
Apr27

American Dental Association Suffers Suspected Ransomware Attack

The American Dental Association (ADA) has recently confirmed to its members that technical difficulties are being experienced due to a cyberattack that occurred over the weekend. The ADA website states that “technical difficulties” are being experienced and efforts are underway to bring its systems back online. While the ADA has not publicly confirmed that this was a cyberattack, notifications have been sent to its 185,000 members via...

Read More
Malware Infection at Dental Clinic Operator Affects More Than 1 Million Texans
Mar22

Malware Infection at Dental Clinic Operator Affects More Than 1 Million Texans

JDC Healthcare Management, which operates more than 70 dental clinics in Texas as Jefferson Dental & Orthodontics, has recently notified the Texas Attorney General about a malware incident that was detected in August 2021. JDC said it identified a security breach on or around August 9, 2021, and steps were immediately taken to secure its systems. A third-party forensic firm was engaged to investigate the breach and determine the...

Read More
Almost 500,000 Patients Affected by Mon Health Data Breach
Mar17

Almost 500,000 Patients Affected by Mon Health Data Breach

In December 2021, Monongalia Health System (Mon Health) started notifying almost 400,000 individuals about a business email compromise attack, where threat actors compromised email accounts and used them to arrange fraudulent wire transfers. The attackers had access to email accounts from May 10, 2021, until August 15, 2021. On December 18, 2021, just a few days after the announcement about the BEC attack was made, Mon Health...

Read More
HHS’ Office for Civil Rights Director Urges HIPAA-Regulated Entities to Improve Cybersecurity
Mar04

HHS’ Office for Civil Rights Director Urges HIPAA-Regulated Entities to Improve Cybersecurity

In the United States, healthcare providers, health plans, healthcare clearinghouses, and business associates of those entities are required to comply with the standards of the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules. The HIPAA Security Rule calls for HIPAA-regulated entities to implement safeguards to ensure the confidentiality, integrity, and availability of...

Read More
Inmediata and CaptureRx Agree to Settle Class Action Data Breach Lawsuits
Feb15

Inmediata and CaptureRx Agree to Settle Class Action Data Breach Lawsuits

It is common for victims of healthcare data breaches to take legal action against healthcare organizations that have experienced cyberattacks and data theft incidents. In order for lawsuits to have standing, the plaintiffs must usually demonstrate they have suffered actual harm as a result of the breach. Recently, a federal judge recommended a lawsuit against Practicefirst Medical Management Solutions, which experienced a ransomware...

Read More
Accellion Proposes $8.1 Million Settlement to Resolve Class Action Data Breach Lawsuit
Jan19

Accellion Proposes $8.1 Million Settlement to Resolve Class Action Data Breach Lawsuit

Accellion has proposed an $8.1 million settlement to resolve a class action data breach lawsuit related to the December 2020 cyberattack on its legacy File Transfer Appliance. In December 2020, two Advanced Persistent Threat groups linked to FIN11 and the CLOP ransomware gang exploited vulnerabilities in the Accellion File Transfer Appliance (FTA) and exfiltrated a large about of customer data. Customers included law firms, insurance...

Read More
1.3 Million Record Data Breach Reported By Florida’s Broward Health
Jan04

1.3 Million Record Data Breach Reported By Florida’s Broward Health

A major data breach was reported by Florida’s Broward Health on January 1, 2022, that involved the personal and protected health information of more than 1.3 individuals. Hackers gained access to its network on October 15, 2021, through the office of a third-party healthcare provider that had been granted access to Broward Health’s network to provide medical services. The cyberattack was detected four days later on October 19, 2021,...

Read More
Major Healthcare Data Breaches Reported in December 2021
Dec31

Major Healthcare Data Breaches Reported in December 2021

2021 has been a particularly bad year for healthcare data breaches and the attacks did not let up in December. 4 major healthcare data breaches have been reported this month that collectively resulted in the exposure of the personal and protected health information of more than 2 million Americans So far in 2021, 686 healthcare data breaches of 500 or more records have been reported to the HHS’ Office for Civil Rights, and almost 45...

Read More
Survey Reveals Worrying Lack of Action by Consumers After Receiving a Breach Notification Letter
Nov22

Survey Reveals Worrying Lack of Action by Consumers After Receiving a Breach Notification Letter

The National Institute of Standards and Technology (NIST) no longer recommends regular password changes for employees, as while updating passwords every few months does improve password security on paper, forcing employees to regularly change passwords does not improve security in practice. In fact, it often makes things worse as employees start with a strong password, and over time the strength of their passwords decreases. One of...

Read More
$130,000 Settlement Agreed with Two New Jersey Printing Companies to Resolve Alleged HIPAA Violations
Nov16

$130,000 Settlement Agreed with Two New Jersey Printing Companies to Resolve Alleged HIPAA Violations

An investigation conducted by the New Jersey Division of Consumer Affairs into an unauthorized disclosure of the protected health information (PHI) of almost 56,000 New Jersey residents has been settled by New Jersey Acting Attorney General, Andrew Bruck. The two firms will pay financial penalties totaling $130,000 and have agreed to a consent order that requires them to make changes to their policies and procedures to improve data...

Read More
Personal and Health Information of 656,000 Patients of California Clinic Potentially Compromised
Nov03

Personal and Health Information of 656,000 Patients of California Clinic Potentially Compromised

Community Medical Centers in California has announced it suffered a cyberattack in October in which the personal and protected health information of more than 656,000 individuals was potentially compromised. Community Medical Centers is a nonprofit network of neighborhood health centers in Northern California serving patients in San Joaquin, Solano, and Yolo counties. The healthcare provider issued a notification to the Maine Attorney...

Read More
New Jersey Fines Infertility Clinic $495,000 for Multiple Violations of the HIPAA Rules
Oct19

New Jersey Fines Infertility Clinic $495,000 for Multiple Violations of the HIPAA Rules

An investigation conducted by the New Jersey Department of Law and Public Safety Division of Consumer Affairs into a HIPAA compliance data breach at an infertility clinic has been settled, with the clinic operator agreeing to pay a financial penalty of $495,000. Diamond Institute for Infertility and Menopause, LLC (Diamond) is based in Millburn, NJ, and operates two infertility clinics in the state and one in New York. The company...

Read More
Ransomware Intrusion Actor FIN12 is Aggressively Targeting the Healthcare Sector
Oct08

Ransomware Intrusion Actor FIN12 is Aggressively Targeting the Healthcare Sector

While healthcare providers were struggling to cope with providing care to COVID-19 patients during the pandemic, they have been under attack from ransomware gangs. One group which has been particularly active and has been targeting the healthcare industry is FIN12. Approximately 20% of the attacks conducted by FIN12 since September 2020 have been on the healthcare industry, with other targeted sectors including education,...

Read More
More than 600,000 Patients Affected by DuPage Medical Group Ransomware Attack
Sep09

More than 600,000 Patients Affected by DuPage Medical Group Ransomware Attack

On August 30, 2021, Downers Grove, IL-based DuPage Medical Group announced it has been affected by a ransomware attack. DuPage is the largest independent physician group in Illinois and has more than 900 physicians that provide over 19,000 appointments a day. Between July 12 and July 13, 2021, the group suffered a network outage, which was rapidly identified as a ransomware attack. The forensic investigation confirmed unauthorized...

Read More
Mid-Year HIPAA Enforcement Update
Aug25

Mid-Year HIPAA Enforcement Update

The HHS’ Office for Civil Rights has imposed 8 financial penalties on HIPAA-covered entities and business associates in the first 6 months of 2021 to resolve investigations into noncompliance with the Health Insurance Portability and Accountability Act Rules. In the first 6 months of 2020, only 1 financial penalty was imposed; however, OCR ended the year with 19 financial penalties imposed. This year, OCR has continued with its drive...

Read More
Cost of Scripps Health Ransomware Attack Jumps to $113m
Aug20

Cost of Scripps Health Ransomware Attack Jumps to $113m

Universal Health Services, one of the largest healthcare providers in the United States, was attacked with Ryuk ransomware in September 2020 and it was initially claimed, in March 2021, that the financial damage caused by the attack equated to $67m in pre-tax losses, with the bulk of the costs due to the initial breach response, remediation, loss of acute care services, and a range of other expenses. The healthcare system manages 26...

Read More
Patients Redirected to Alternative Facilities in Wake of Memorial Health System Cyberattack
Aug19

Patients Redirected to Alternative Facilities in Wake of Memorial Health System Cyberattack

A suspected ransomware attack on the Memorial Health System, based in Marietta OH, has resulted in patents being redirected to alternative hospitals. The security breach occurred on Sunday morning and led to Memorial Health disabling its IT systems in order to prevent any additional damage being caused. Emergency protocols were quickly put in place as many of the IT systems were not accessible, and healthcare workers have started...

Read More
Gastroenterology Consultants Notifies Patients About January 2021 Ransomware Attack
Aug09

Gastroenterology Consultants Notifies Patients About January 2021 Ransomware Attack

Gastroenterology Consultants in Texas has started notifying patients about a cyberattack that took place on January 10, 2021 in which their protected health information was potentially compromised.  Hackers infiltrated its network and deployed ransomware, which encrypted files rendering them inaccessible. The attackers may also have viewed or obtained files containing patient data prior to encrypting files.  Gastroenterology...

Read More
ClearBalance Phishing Attack Could Have Impacted More Than 200,000 Patients
Jul29

ClearBalance Phishing Attack Could Have Impacted More Than 200,000 Patients

ClearBalance, a San Diego-based loan provider that helps patients pay for their medical bills by offering payment plans, has reported that its suffered a phishing attack on March 8, 2021. A number of ClearBalance staff members were fooled into disclosing their login details, which allowed their email accounts to be accessed. ClearBalance discovered the attack on April 26, 2021 when an attempted fraudulent money transfer was detected....

Read More
25,000 Patients Contacted About Lake County Health Department Data Breaches
Jul22

25,000 Patients Contacted About Lake County Health Department Data Breaches

The personal and protected health information of approximately 25,000 patients has potentially been impacted in two separate data breaches according to the Lake County Health Department in Illinois . The initial breach took place during 2019 when a Lake County Health member of staff sent an unencrypted email from their corporate email address to an internal employee’s personal email account. The email in question included a...

Read More
Brute Force Attack on Member Portal Impacts 30,000 Florida Blue Members
Jul20

Brute Force Attack on Member Portal Impacts 30,000 Florida Blue Members

Following a brute force attack on the Florida Blue online member portal, the protected health information (PHI) of approximately 30,063 Florida Blue (Blue Cross and Blue Shield of Florida)  may have been accessed or downloaded by unauthorized individuals. The attack, which began on June 8 2021, took place when unknown actors launched a brute force campaign which leveraged a massive database of user identifiers and matching passwords...

Read More
REvil Ransomware Attack Impacts University Medical Center of Southern Nevada
Jun29

REvil Ransomware Attack Impacts University Medical Center of Southern Nevada

A ransomware attack on the University Medical Center of Southern Nevada (UMC) has resulted in an amount of patient data being stolen. The clinic released a statement saying it discovered suspicious activity on its network in June and moved swiftly to mitigate the attack by limiting access to its servers and databases. A review of the incident is ongoing and the relevant law enforcement agencies have been made aware of the attack. To...

Read More
Lawsuit Filed Against Humana & Cotiviti Following 63,000+ Record Data Breach
Jun14

Lawsuit Filed Against Humana & Cotiviti Following 63,000+ Record Data Breach

Following the discovery of a data breach in December 2020, the health insurance and healthcare provider Humana and its business associate Cotiviti are facing legal action. A lawsuit was filed naming both companies on May 26, 2021 in the U.S. District Court for the Western District of Kentucky. The lawsuit alleges Humana mismanaged the records of members of its health insurance plans. The group had outsourced the duty of processing...

Read More
Phishing Attack Affects Up to 34,862 Lafourche Medical Group Patients
Jun11

Phishing Attack Affects Up to 34,862 Lafourche Medical Group Patients

34,862 patients of Lafourche Medical Group, a Louisiana-based urgent care center operator, have been made aware that a security incident may have resulted in a portion of their of their protected health information being compromised. Lafourche Medical Group learned in March 2021 that an external accountant had replied to a phishing email that claimed to have been sent by one of the owners of Lafourche Medical Group. responding to the...

Read More
Patients of Rehoboth McKinley Christian Health Care Services Informed of February 2021 Ransomware Attack
May23

Patients of Rehoboth McKinley Christian Health Care Services Informed of February 2021 Ransomware Attack

Rehoboth McKinley Christian Health Care Services (RMCHCS) has contacted patients to make them aware of a ransomware attack that hit the organization during February 2021 which may have compromised their protected health information (PHI). The breach has been reported to the HHS’ Office for Civil Rights as affecting 207,195 individuals. It was discovered that Conti ransomware hackers conducted the attack in February and stole a range...

Read More
330K Patients Impacted in Ransomware Attack on New York Medical Group
May15

330K Patients Impacted in Ransomware Attack on New York Medical Group

Orthopedic Associates of Dutchess County has revealed that the protected health information (PHI) of some of its clients may have been impacted during a recent cyberattack. The New York medical group first noticed the security breach when suspicious activity was identified on its systems on March 5, 2021. Following this discovery, a review of the incident confirmed that systems had been accessed on or around March 1, 2021 by...

Read More
Data Breach Impacts Records of 200,000 Military Veterans
May14

Data Breach Impacts Records of 200,000 Military Veterans

Online security expert Jeremiah Fowler has discovered an online database holding the protected health information (PHI) of approximately 200,000 U.S. military veterans was accessible until the issue was mitigated on April 18 of this year. The database was being used to store veterans’ identities, birth dates, contact details, medical data, appointment dates, unencrypted password details, and billing information. Access could be gained...

Read More
HHS Information Blocking Regulations Now in Effect
Apr16

HHS Information Blocking Regulations Now in Effect

Created by the Department of Health and Human Services as part of the 21st Century Cures Act, the information blocking regulations are now in effect and are enforceable. The final rule described information blocking and introduced penalties for providers and certified health IT vendors who participate in activities that interfere with the access, transfer, and use of electronic health information (EHI). The final rule also established...

Read More
HIPAA Breaches at Montefiore Medical Center & Belden
Apr16

HIPAA Breaches at Montefiore Medical Center & Belden

It has been discovered that another Montefiore Medical Center employee has accessed patient information with no work reason for doing. It was made public that, during February 2020, a member of staff had accessed medical records without authorization over a period of five months in 2020 while another employee was found to have stolen the PHI of around 4,000 patients between January 2018 and July 2020. The most recent discovery...

Read More
Ransomware Attack on Home Healthcare Service Provider Affects 753,000 Individuals
Apr03

Ransomware Attack on Home Healthcare Service Provider Affects 753,000 Individuals

753,107 patients of NY-based provider of home health services Personal Touch Holding Corp are being made aware that a breach of their protected health information may have occurred. On January 27, 2021, Personal Touch was made aware that it had been impacted by a cyberattack that infiltrated its private cloud hosted by its managed service providers. The hackers encrypted the cloud-stored business files of Personal Touch and 29 of its...

Read More
New Jersey Plastic Surgery Practice Pays $30K to OCR Settle HIPAA Right of Access Case
Mar29

New Jersey Plastic Surgery Practice Pays $30K to OCR Settle HIPAA Right of Access Case

The HHS’ Office for Civil Rights (OCR) has revealed a settlement has been agreed with Ridgewood, NJ-based Village Plastic Surgery to resolve a potential breach of the HIPAA Right of Access provision of the HIPAA Privacy Rule. As per the terms of the settlement, Village Plastic Surgery will pay a $30,000 fine and will implement a corrective action plan that includes the creation of policies and processes covering patient medical record...

Read More
Multiple Lawsuits Filed by Victims of Accellion Ransomware Attack
Mar22

Multiple Lawsuits Filed by Victims of Accellion Ransomware Attack

The number of healthcare groups to reveal that they have been impacted by the ransomware attack on Accellion has grown, with two of the most recent victims listed as Trillium Community Health Plan and Arizona Complete Health. In December 2020, unauthorized people targeted zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance platform and illegally removed data of its customers before deploying CLOP ransomware....

Read More
AMCA Medical Debt Collection Agency Settles Multistate Action over 21 Million-Record Data Breach
Mar15

AMCA Medical Debt Collection Agency Settles Multistate Action over 21 Million-Record Data Breach

A settlement has been reached between a coalition of 41 state Attorneys General and American Medical Collection Agency (AMCA) to resolve a case stemming from a data breach involving the protected health information of 21 million Americans. The data breach was the largest healthcare data breach to be reported in 2019. AMCA specializes in small debt collections from patients of medical testing facilities. From August 1, 2018 until March...

Read More
AllyAlign Health Ransomware Attack Impacts Tens of Thousands of Patients
Mar04

AllyAlign Health Ransomware Attack Impacts Tens of Thousands of Patients

Following an attempted ransomware attack that took place November 13, 2020, AllyAlign Health breach alerts have been sent to make members and providers aware of the privacy violation. According to the breach notification letters sent to affected individuals, the Glen Allen, VA-based Medicare Advantage health plan administrator discovered the attack on November 14, 2020. A review of the incident found the systems infiltrated by the...

Read More
Harvard Eye Associates Pays Ransom to Recover Healthcare Data Stolen in Hacking Incident
Feb22

Harvard Eye Associates Pays Ransom to Recover Healthcare Data Stolen in Hacking Incident

In California, Laguna Hills-based Harvard Eye Associates has been affected by a cyberattack on its online storage vendor and the protected health information (PHI) of 29,982 patients could possibly have been stolen. The storage vendor made Harvard Eye Associates aware, on January 15, 2021, that cybercriminals had obtained access to its computer databases and stole data. While it was not known if files were encrypted to prevent access,...

Read More
US Healthcare Data Breach Report Shows Breaches Increased by 55% In 2020
Feb18

US Healthcare Data Breach Report Shows Breaches Increased by 55% In 2020

An analysis of 2020 healthcare data breaches has been conducted by Bitglass that shows the extent to which the healthcare industry was targeted by hackers. There was a sharp increase in hacking and IT incidents in 2019 and that trend continued in 2020 when 67% of all reported healthcare data breaches were the result of hacking/IT incidents. The healthcare records of 24.1 million individuals were exposed in those breaches – 91% of all...

Read More
US Fertility Facing Class Action Lawsuit Filed Over Ransomware Attack
Feb09

US Fertility Facing Class Action Lawsuit Filed Over Ransomware Attack

Following a September 2020 ransomware attack and data breach that impacted 878,550 people, US Fertility is now facing a class action lawsuit for allowing it to occur. US Fertility is one of the largest providers of support services to infertility clinics in the United States. The company discovered on September 14, 2020 that ransomware had been used to encrypt files and its databases. The investigation showed that the cybercriminals...

Read More
Florida Medicaid Applicants’ PHI Impacted in Seven-Year Breach
Feb05

Florida Medicaid Applicants’ PHI Impacted in Seven-Year Breach

It has been discovered by the Tallahassee, FL-based Medicaid health plan, Florida Healthy Kids Corporation, that its web hosting provider failed to address vulnerabilities which were targeted by hackers to obtain access to its web portal and the protected health information of those applying for membership since 2013. Florida Healthy Kids had an agreement with Jelly Bean Communications Design, LLC to arrange the hosting of its...

Read More
2020 Saw 560 U.S. Healthcare Facilities Affected by Ransomware
Jan25

2020 Saw 560 U.S. Healthcare Facilities Affected by Ransomware

During 2020 – according to the latest State of Ransomware report from the New Zealand-based cybersecurity firm Emsisoft – healthcare, education, and government entities were the main focus of ransomware threat groups with 2,354 attacks being registered. Towards the end of 2019 ransomware was being extensively used in cyberattacks on the healthcare industry. The attacks dwindled in the first half of 2020 but rose...

Read More
Hackers Altered Stolen Pfizer Vaccine Documentation Prior to Publication
Jan18

Hackers Altered Stolen Pfizer Vaccine Documentation Prior to Publication

In November 2020, hackers gained access to a server used by the European Medicines Agency (EMA), the drug and vaccine regulator in the European Union, and stole data on the Pfizer/BioNTech vaccine candidate.  Last week, the EMA announced that the hackers had publicly released the documentation on hacking forums, but a new alert warns that the documentation was manipulated prior to release. The stolen data included information...

Read More
Healthcare Sector Cyberattacks Have Increased by 45% in the Past 2 Months
Jan14

Healthcare Sector Cyberattacks Have Increased by 45% in the Past 2 Months

A recent joint CISA, FBI, and HHS cybersecurity alert warned that the healthcare sector was being targeted by threat actors who were deploying ransomware. Attacks are being conducted by several threat actors using a range of different ransomware variants, including Ryuk and Conti. A new report recently published by Check Point shows that since the alert was issued, cyberattacks on the healthcare sector have continued to increase. From...

Read More
Ransomware Attack Impacts Lake Region Healthcare
Jan13

Ransomware Attack Impacts Lake Region Healthcare

On December 22, 2020, Minnesota-based Lake Region Healthcare discovered ransomware had been deployed on its network and the attackers gained access to its databases. The attack caused disruption to daily processes and procedures at its offices in Fergus Falls, Battle Lake, Ashby, and Barnesville. They moved swiftly to mitigate the attack and implemented their downtime procedures that had been developed for situations such as...

Read More
Ransomware Attacks on Healthcare Organizations Continue to Rise with Ryuk the Biggest Threat
Jan06

Ransomware Attacks on Healthcare Organizations Continue to Rise with Ryuk the Biggest Threat

Cyberattacks on healthcare organizations have continued to increase over the past two months, according to research conducted by cybersecurity firm Check Point, and ransomware is now the biggest malware threat. In October, a joint security advisory was issued by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warning the...

Read More
Wilmington Surgical Associates Ransomware Attack Impacts Over 14,000 Patients
Jan02

Wilmington Surgical Associates Ransomware Attack Impacts Over 14,000 Patients

The NetWalker ransomware group has claimed it is behind a ransomware attack that took place on the North Carolina-based surgical center, Wilmington Surgical Associates in October 2020. The group say that they illegally accessed and removed around 13GB of data before launching NetWalker ransomware and encrypting files. The stolen batch of data held thousands of documents containing sensitive data. There has been no breach notification...

Read More

SkyMed Comes to Settlement Agreement with FTC for 2019 Consumer Data Breach

SkyMed has com to a settlement agreement with the Federal Trade Commission (FTC) in the aftermath an audit of its information security practices in relation to a 2019 data breach that exposed consumers’ personal private data. The Nevada-based emergency services provider was made aware by security expert Jeremiah Fowler in 2019 that it had an improperly configured Elasticsearch database that was leaking patient private data. The...

Read More
Three Vulnerabilities Identified in Medtronic MyCareLink Smart Patient Readers
Dec19

Three Vulnerabilities Identified in Medtronic MyCareLink Smart Patient Readers

Three critical vulnerabilities have been found in Medtronic MyCareLink (MCL) Smart Patient Readers, which could be exploited by threat actors to gain access to protected health information, modify patient data, and take control of the paired cardiac device. The flaws are present in all versions of the MCL Smart Model 25000 Patient Reader. The first vulnerability, tracked as CVE-2020-25183, is an authentication protocol vulnerability....

Read More
Researchers Find More than 45 Million Medical Images Stored on Unprotected Servers
Dec17

Researchers Find More than 45 Million Medical Images Stored on Unprotected Servers

More than 45 million medical images are currently exposed on unprotected servers and can be accessed freely over the internet without usernames or passwords. The medical images include metadata that includes personal and protected health information, which could be used for a variety of nefarious purposes. The unprotected images, which include MRIs, CT scans, and X-Rays were found by researchers at the CyberAngel Analyst Team, who...

Read More

Meharry Medical College & MEDNAX Services Email Account Breaches Reported

Meharry Medical College located in Nashville, TN, has revealed that an email account breach may have lead to in the illegal access of the protected health information of up to 20,963 patients. The email account breach was  first discovered around July 28, 2020 and was promptly mitigated. External technical experts were brought in to review the breach and discovered that the incident was kept to a single email account. On September 1,...

Read More
U.S. Data Breach Impacts 829,454 Luxottica Patients
Nov17

U.S. Data Breach Impacts 829,454 Luxottica Patients

The largest eyewear firm globally, Luxottica, has had a number of its web portals targeted in a cyberattack that has resulted in a breach of the private data of over 800,000 patients. Luxottica makes designer eyewear for numerous renowned fashion brands and owns many famous eyewear brands such as Ray-Ban. The group also manages the EyeMed vision benefits company and collaborates with LensCrafters, Target Optical, EyeMed, Pearle...

Read More

Saint Francis Healthcare Data Breach Lawsuit Settled for $350,000

In relation to September 2019 ransomware attack on Ferguson Medical Group (FMG), a $350,000 settlement has been reached between Saint Francis Healthcare System and patients impacted by the attack.  FMG was purchased by Saint Francis after a cyberattack resulted in many important records being inaccessible. They tried to retrieve all impacted records via backups, though some were could no be rescued. These files included medical...

Read More
City of New Haven Fined €202,000 for Failure to Terminate Former Employee’s Access Rights
Nov03

City of New Haven Fined €202,000 for Failure to Terminate Former Employee’s Access Rights

In Connecticut the City of New Haven has committed to paying a $203,400 financial penalty to the Department of Health and Human Services’ office for Civil Rights to compensate for a HIPAA violation case.  An OCR investigation was initiated in May 2017 following a receipt of data breach notification originating in New Haven on January 24. OCR investigated if the City of New Haven was responsible for HIPAA violations. Following this...

Read More
Ryuk Ransomware Gang Steps Up Attacks on U.S. Hospitals
Oct30

Ryuk Ransomware Gang Steps Up Attacks on U.S. Hospitals

The U.S Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a warning to healthcare providers and public health agencies of an imminent threat of attacks using Ryuk ransomware. An advisory was issued on October 28, 2020 after credible evidence was uncovered indicating the operators of Ryuk...

Read More
Finnish Psychotherapy Provider and Patients Blackmailed and Threatened with Publication of Sensitive Data
Oct27

Finnish Psychotherapy Provider and Patients Blackmailed and Threatened with Publication of Sensitive Data

A national network of psychotherapy clinics in Finland has suffered a cyberattack in which highly sensitive patient data were stolen. The company was issued with a ransom demand along with a threat to publish the stolen data if payment was not made. The attackers followed through with that threat and have published some of the data stolen in the attack and have also issued ransom demands to individual patients, threatening to disclose...

Read More
Multi-State Breach Investigation Settled with Community Health Systems Paying $5 Million Penalty
Oct16

Multi-State Breach Investigation Settled with Community Health Systems Paying $5 Million Penalty

Tennessee-based Community Health Systems and subsidiary CHSPCS LLC have settled a multiple-state action with 28 state attorneys general for $5 million.  A joint investigation was launched headed by Tennessee Attorney General Herbert. H. Slatery III after a breach of the protected health information (PHI) of 6.1 million people in 2014. At the time, Community Health Systems owned, leased, or operated 206 hospitals. According to a 2014...

Read More
Facilitating or Paying a Ransomware Payment will Lead to Sanctions: US Treasury Department
Oct12

Facilitating or Paying a Ransomware Payment will Lead to Sanctions: US Treasury Department

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has warned that companies that facilitate ransom payments to cybercriminals on behalf of victims of the attacks could face sanctions risks for violating OFAC regulations. Victims of ransomware attacks that pay ransoms to cyber actors could similarly face steep fines from the federal government if it is discovered that the criminals behind the attacks are already...

Read More
Clinical Trial Software Provider Hit with Ransomware Attack
Oct09

Clinical Trial Software Provider Hit with Ransomware Attack

eResearch, a software company from Philadelphia, which sells software used in vital research on Covid-19, was hit with a ransomware attack that has affected many of the company’s clientele, some of which are conducting Covid-19 vaccine trials. In the last year alone, eResearch Technology’s software was used in three quarters of all clinical trials carried out worldwide. The attack took place on September 20, 2020 forcing...

Read More
Some Blackbaud Customers had Sensitive Data Stolen in Ransomware Attack
Oct05

Some Blackbaud Customers had Sensitive Data Stolen in Ransomware Attack

Blackbaud has confirmed in a recent U.S. Securities and Exchange Commission (SEC) Form 8-K filing that the ransomware attack it experienced in May 2020 did not only involve donors’ personal information. Some of its customers also had sensitive information such as bank account details, Social Security numbers, and usernames and passwords exposed or stolen in the attack. When Blackbaud discovered the ransomware attack in May 2020, its...

Read More
Universal Health Services Ransomware Attack Cripples Hospitals Across the United States
Sep29

Universal Health Services Ransomware Attack Cripples Hospitals Across the United States

Universal Health Services (UHS) has suffered a ransomware attack that has taken IT systems out of action across its nationwide network of hospitals. UHS is a Fortune 500 healthcare provider and one of the largest providers of hospital and healthcare services in the United States. UHS has around 400 hospitals and healthcare facilities throughout the United States, Puerto Rico and the UK and had annual revenues of $11.37 billion in...

Read More
Breach of 6 Million Records and Multiple HIPAA Failures Leads to $2.3 Million HIPAA Fine for Business Associate
Sep26

Breach of 6 Million Records and Multiple HIPAA Failures Leads to $2.3 Million HIPAA Fine for Business Associate

The Tennessee-based management company CHSPSC LLC, a supplier of services to a range of different subsidiary hospital operator companies and other affiliates of Community Health Systems, including legal, compliance, accounting, operations, human resources, IT, and health information management services, has been fined $2.3 million in relation to five potential violations of the HIPAA compliance rules. The fine was made public this...

Read More
7,777 Patients Impacted by Starling Physicians Email Breach
Sep21

7,777 Patients Impacted by Starling Physicians Email Breach

Starling Physicians has begun contacting 7,777 patients to make them aware that a portion of their protected health information may have been accessed by an unauthorized person. The breach was discovered at the beginning of July and an in depth investigation was initiated. No evidence was uncovered to suggest PHI had been illegally accessed, although it was not possible to rule out unauthorized access to data theft. Some of the data...

Read More
Ransomware Attack on Hospital Leads to the Death of a Patient
Sep18

Ransomware Attack on Hospital Leads to the Death of a Patient

A ransomware attack on a German hospital that took critical systems out of action and forced the cancellation of appointments and the temporary closure of its emergency department has led to the death of a patient. On or before September 10, 2020, Düsseldorf University Clinic was attacked with ransomware. The file encryption caused systems to crash and prevented patient information from being accessed. The extent of the encryption and...

Read More
Cyberattack on U.S. Department of Veteran Affairs Impacts 46,000 Veterans
Sep16

Cyberattack on U.S. Department of Veteran Affairs Impacts 46,000 Veterans

The U.S. Department of Veteran Affairs (VA) has announced that the personal and protected health information of approximately 46,000 veterans has potentially been obtained by unauthorized individuals who were attempting to redirect VA payments to community healthcare providers. The attack involved the use of social engineering techniques to obtain credentials for an application used by the VA’s Financial Services Center (FSC), with...

Read More
Five OCR HIPAA Fines for HIPAA Right of Access Failures
Sep16

Five OCR HIPAA Fines for HIPAA Right of Access Failures

The Department of Health and Human Services’ Office for Civil Rights (OCR) has recently agreed to settle five HIPAA compliance cases that were investigated after individuals were denied access to their health information. The HIPAA Privacy Rule gave individuals the right to obtain a copy of their health records from their providers, health insurer, and business associates of those entities. Access must be provided quickly and no later...

Read More
Northern Light Health Foundation Alerts 657,392 Donors About Blackbaud Ransomware Attack
Aug18

Northern Light Health Foundation Alerts 657,392 Donors About Blackbaud Ransomware Attack

The Brewer, ME-based integrated healthcare group, Northern Light Health Foundation, has revealed it has been impacted by the recent ransomware attack on Blackbaud Inc. The databases affected include information about donors, possible donors, and individuals who may have attended a fundraising event in the past. Patient medical records were stored separately and were unaffected. The databases contained the records of 657,392 people....

Read More
Phishing Attack Hits Children’s Hospital in Colorado
Aug10

Phishing Attack Hits Children’s Hospital in Colorado

Children’s Hospital Colorado is contacting 2,553 patients to inform them that some of their protected health information was held in an email account that was accessed by an unauthorized person between April 6-12, 2020. Credentials to access the account were stolen when an employee answered a phishing email. The phishing attack was discovered by the hospital on June 22, 2020 and the account was immediately safeguarded. A review of the...

Read More
PHI of Customers Stolen in Looting Incidents at Cub Pharmacies
Aug03

PHI of Customers Stolen in Looting Incidents at Cub Pharmacies

A pharmacy network has revealed the protected health information of some of its customers has been illegally taken by looters in late May during the period of civil unrest. From May 27-30, 2020, 8 Cub pharmacies in the Minneapolis area were broken into and items were taken such as paperwork containing the protected health information of its customers. Items taken from the clinic included locked safes that contained credit card...

Read More
Rhode Island Health System Hit with $1 Million Fine for Noncompliance with HIPAA Rules
Jul28

Rhode Island Health System Hit with $1 Million Fine for Noncompliance with HIPAA Rules

The Rhode Island non-profit health system, Lifespan Health System Affiliated Covered Entity (Lifespan), has been fined $1,040,000 by the Department of Health and Human Services’ Office for Civil Rights for violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules. Had HIPAA Rules been followed, a data breach of 20,431 healthcare records would have been avoided. Lifespan was investigated by OCR following the...

Read More
Sarrell Regional Dental Center Ransomware Legal Action Thrown Out by Federal Judge
Jul24

Sarrell Regional Dental Center Ransomware Legal Action Thrown Out by Federal Judge

A legal action filed against Sarrell Regional Dental Center for Public Health Inc. in relation to a July 2019 ransomware attack has been thrown out by a Federal judge due to a lack of standing. Sarrell was able to bounce back from the attack and restore its computer systems and data without meeting the ransom demand, although the dental center was forced to shut down for a period of two weeks while its systems were restored. No proof...

Read More
Healthcare Fiscal Management Ransomware Attack Impacts Up to 58,000 People
Jul14

Healthcare Fiscal Management Ransomware Attack Impacts Up to 58,000 People

The Wilmington, NC-based provider of self-pay conversion and insurance eligibility services to hospitals, clinics and physician groups, Healthcare Fiscal Management Inc. (HFMI), has revealed that is was hit by a ransomware attack in which the personal and protected health information of patients of St. Mary’s Health Care System in Athens, GA may have been accessed or obtained by cybercriminals. An unauthorized person obtained access...

Read More
Portals Accessed Using Stolen Credentials of Health Plan Members
Jul03

Portals Accessed Using Stolen Credentials of Health Plan Members

Independence Blue Cross, AmeriHealth HMO, Inc. and AmeriHealth Insurance Company of New Jersey have discovered hackers obtained access to pages in their member portals between March 17, 2020 and April 30, 2020 and may have seen the personal and protected health information of some of their account holders. The range of data possibly accessed included names, member identification numbers, plan type, spending account balances, user...

Read More
Cybercriminal Apprehended & Charged for 2014 UPMC Cyberattack
Jun27

Cybercriminal Apprehended & Charged for 2014 UPMC Cyberattack

The United States Attorney’s Office of the Western District of Pennsylvania has released a statement that confirms a suspect has been arrested and charged in relation to the 2014 hacking of the human resources databases of University of Pennsylvania Medical Center (UPMC). UPMC manages 40 hospitals around 700 outpatient sites and doctors’ offices and employs over 90,000 staff. In January 2014, UPMC discovered a hacker had obtained...

Read More
Another Phishing Attack Impacts University of Utah Health
Jun15

Another Phishing Attack Impacts University of Utah Health

University of Utah Health has been impacted by a new phishing attack, with the most recent attack leading to the exposure of the protected health information (PHI) of 2,700 clients. This is the third phishing attack to be recorded during 2020 by the HHS’ Office for Civil Rights at the University of Utah. Earlier in the year, incidents were recorded on March 21 and April 3 and affected 3,670 and 5,000 patients. In the most recent...

Read More
Illegal Disposal of Patient Records Discovered by St Joseph Health System
Jun07

Illegal Disposal of Patient Records Discovered by St Joseph Health System

St Joseph Health System in North Central Indiana is contacting clients to inform them that a portion of protected health information has been breached and may have been viewed by unauthorized people. The breach did not occur at St Joseph Health, but at one of its business associates. Central Files Inc, a secure record storage service in South Bend, IN, was hired to securely store patient records in compliance with federal and state...

Read More
BJC HealthCare Patients at 19 Hospitals Impacted by Phishing Attack
May30

BJC HealthCare Patients at 19 Hospitals Impacted by Phishing Attack

BJC Healthcare has released that statement that revealed that three of its staff email accounts have been accessed by an unauthorized actor as a result of some workers answering phishing emails. Suspicious activity was uncovered in the staff email accounts on March 6, 2020 and the accounts were immediately locked down. A leading computer forensics company was hired to conduct an investigation which revealed the three accounts had only...

Read More
Ransomware Attack Sees Data Stolen from Magellan Health
May22

Ransomware Attack Sees Data Stolen from Magellan Health

Magellan Health, a Fortune 500 company, has revealed that it has suffered a ransomware attack during April that led to the encryption of files and theft of some employee data. The ransomware attack was first discovered by Magellan Health on April 11, 2020 when files and databases were encrypted. The investigation into the attack showed the hacker had obtained access to its systems when someone replied to a spear phishing email on...

Read More
Saint Francis Healthcare Partners & Florida Internal Medicine Practice Hit by Ransomware Attacks
May15

Saint Francis Healthcare Partners & Florida Internal Medicine Practice Hit by Ransomware Attacks

Saint Francis Healthcare Partners in Connecticut has begun making contact with 38,529 patients to make them aware that a portion of their protected health information may have been stolen by hackers as a result of a “sophisticated cybersecurity incident” that allowed an unauthorized individual to gain access to its email database. The attack took place on December 30, 2019 but it was not until March 20, 2020 that the forensic...

Read More
Tornado Hits Secure Medical Record Facility, Impacting Patients Medical Records
May06

Tornado Hits Secure Medical Record Facility, Impacting Patients Medical Records

Many hospitals have been impacted by a natural disaster that has affected Waupaca, WI-based STAT Informatics Solutions, LLC. STAT provides secure medical record services to a number of healthcare providers. Some the the services include scanning paper files so they can be incorporated into hospital medical record systems. On March 3, 2020, a STAT center in Lebanon, TN was struck by a tornado, which caused widespread damage to the...

Read More
Losses Caused by Data Breaches Lead to Shareholder Suing LabCorp
May03

Losses Caused by Data Breaches Lead to Shareholder Suing LabCorp

A LabCorp shareholder has initiated a legal action against LabCorp and its executives and directors in relation the loss in share value following two cyberattacks experienced by the company in the past year. LabCorp was one of the firms most impacted by the data breach at the medical debt collection company, American Medical Collection Agency (AMCA) in 2019. The records of 10,251,784 patients who used LabCorp’s services were stolen by...

Read More