U.S. Data Breach Impacts 829,454 Luxottica Patients
Nov17

U.S. Data Breach Impacts 829,454 Luxottica Patients

The largest eyewear firm globally, Luxottica, has had a number of its web portals targeted in a cyberattack that has resulted in a breach of the private data of over 800,000 patients. Luxottica makes designer eyewear for numerous renowned fashion brands and owns many famous eyewear brands such as Ray-Ban. The group also manages the EyeMed vision benefits company and collaborates with LensCrafters, Target Optical, EyeMed, Pearle...

Read More

Saint Francis Healthcare Data Breach Lawsuit Settled for $350,000

In relation to September 2019 ransomware attack on Ferguson Medical Group (FMG), a $350,000 settlement has been reached between Saint Francis Healthcare System and patients impacted by the attack.  FMG was purchased by Saint Francis after a cyberattack resulted in many important records being inaccessible. They tried to retrieve all impacted records via backups, though some were could no be rescued. These files included medical...

Read More
City of New Haven Fined €202,000 for Failure to Terminate Former Employee’s Access Rights
Nov03

City of New Haven Fined €202,000 for Failure to Terminate Former Employee’s Access Rights

In Connecticut the City of New Haven has committed to paying a $203,400 financial penalty to the Department of Health and Human Services’ office for Civil Rights to compensate for a HIPAA violation case.  An OCR investigation was initiated in May 2017 following a receipt of data breach notification originating in New Haven on January 24. OCR investigated if the City of New Haven was responsible for HIPAA violations. Following this...

Read More
Ryuk Ransomware Gang Steps Up Attacks on U.S. Hospitals
Oct30

Ryuk Ransomware Gang Steps Up Attacks on U.S. Hospitals

The U.S Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a warning to healthcare providers and public health agencies of an imminent threat of attacks using Ryuk ransomware. An advisory was issued on October 28, 2020 after credible evidence was uncovered indicating the operators of Ryuk...

Read More
Finnish Psychotherapy Provider and Patients Blackmailed and Threatened with Publication of Sensitive Data
Oct27

Finnish Psychotherapy Provider and Patients Blackmailed and Threatened with Publication of Sensitive Data

A national network of psychotherapy clinics in Finland has suffered a cyberattack in which highly sensitive patient data were stolen. The company was issued with a ransom demand along with a threat to publish the stolen data if payment was not made. The attackers followed through with that threat and have published some of the data stolen in the attack and have also issued ransom demands to individual patients, threatening to disclose...

Read More
Multi-State Breach Investigation Settled with Community Health Systems Paying $5 Million Penalty
Oct16

Multi-State Breach Investigation Settled with Community Health Systems Paying $5 Million Penalty

Tennessee-based Community Health Systems and subsidiary CHSPCS LLC have settled a multiple-state action with 28 state attorneys general for $5 million.  A joint investigation was launched headed by Tennessee Attorney General Herbert. H. Slatery III after a breach of the protected health information (PHI) of 6.1 million people in 2014. At the time, Community Health Systems owned, leased, or operated 206 hospitals. According to a 2014...

Read More
Facilitating or Paying a Ransomware Payment will Lead to Sanctions: US Treasury Department
Oct12

Facilitating or Paying a Ransomware Payment will Lead to Sanctions: US Treasury Department

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has warned that companies that facilitate ransom payments to cybercriminals on behalf of victims of the attacks could face sanctions risks for violating OFAC regulations. Victims of ransomware attacks that pay ransoms to cyber actors could similarly face steep fines from the federal government if it is discovered that the criminals behind the attacks are already...

Read More
Clinical Trial Software Provider Hit with Ransomware Attack
Oct09

Clinical Trial Software Provider Hit with Ransomware Attack

eResearch, a software company from Philadelphia, which sells software used in vital research on Covid-19, was hit with a ransomware attack that has affected many of the company’s clientele, some of which are conducting Covid-19 vaccine trials. In the last year alone, eResearch Technology’s software was used in three quarters of all clinical trials carried out worldwide. The attack took place on September 20, 2020 forcing...

Read More
Some Blackbaud Customers had Sensitive Data Stolen in Ransomware Attack
Oct05

Some Blackbaud Customers had Sensitive Data Stolen in Ransomware Attack

Blackbaud has confirmed in a recent U.S. Securities and Exchange Commission (SEC) Form 8-K filing that the ransomware attack it experienced in May 2020 did not only involve donors’ personal information. Some of its customers also had sensitive information such as bank account details, Social Security numbers, and usernames and passwords exposed or stolen in the attack. When Blackbaud discovered the ransomware attack in May 2020, its...

Read More
Universal Health Services Ransomware Attack Cripples Hospitals Across the United States
Sep29

Universal Health Services Ransomware Attack Cripples Hospitals Across the United States

Universal Health Services (UHS) has suffered a ransomware attack that has taken IT systems out of action across its nationwide network of hospitals. UHS is a Fortune 500 healthcare provider and one of the largest providers of hospital and healthcare services in the United States. UHS has around 400 hospitals and healthcare facilities throughout the United States, Puerto Rico and the UK and had annual revenues of $11.37 billion in...

Read More
Breach of 6 Million Records and Multiple HIPAA Failures Leads to $2.3 Million HIPAA Fine for Business Associate
Sep26

Breach of 6 Million Records and Multiple HIPAA Failures Leads to $2.3 Million HIPAA Fine for Business Associate

The Tennessee-based management company CHSPSC LLC, a supplier of services to a range of different subsidiary hospital operator companies and other affiliates of Community Health Systems, including legal, compliance, accounting, operations, human resources, IT, and health information management services, has been fined $2.3 million in relation to five potential violations of the HIPAA Rules. The fine was made public this week by the...

Read More
7,777 Patients Impacted by Starling Physicians Email Breach
Sep21

7,777 Patients Impacted by Starling Physicians Email Breach

Starling Physicians has begun contacting 7,777 patients to make them aware that a portion of their protected health information may have been accessed by an unauthorized person. The breach was discovered at the beginning of July and an in depth investigation was initiated. No evidence was uncovered to suggest PHI had been illegally accessed, although it was not possible to rule out unauthorized access to data theft. Some of the data...

Read More
Ransomware Attack on Hospital Leads to the Death of a Patient
Sep18

Ransomware Attack on Hospital Leads to the Death of a Patient

A ransomware attack on a German hospital that took critical systems out of action and forced the cancellation of appointments and the temporary closure of its emergency department has led to the death of a patient. On or before September 10, 2020, Düsseldorf University Clinic was attacked with ransomware. The file encryption caused systems to crash and prevented patient information from being accessed. The extent of the encryption and...

Read More
Cyberattack on U.S. Department of Veteran Affairs Impacts 46,000 Veterans
Sep16

Cyberattack on U.S. Department of Veteran Affairs Impacts 46,000 Veterans

The U.S. Department of Veteran Affairs (VA) has announced that the personal and protected health information of approximately 46,000 veterans has potentially been obtained by unauthorized individuals who were attempting to redirect VA payments to community healthcare providers. The attack involved the use of social engineering techniques to obtain credentials for an application used by the VA’s Financial Services Center (FSC), with...

Read More
Five OCR HIPAA Fines for HIPAA Right of Access Failures
Sep16

Five OCR HIPAA Fines for HIPAA Right of Access Failures

The Department of Health and Human Services’ Office for Civil Rights (OCR) has recently agreed to settle five HIPAA compliance cases that were investigated after individuals were denied access to their health information. The HIPAA Privacy Rule gave individuals the right to obtain a copy of their health records from their providers, health insurer, and business associates of those entities. Access must be provided quickly and no later...

Read More
Northern Light Health Foundation Alerts 657,392 Donors About Blackbaud Ransomware Attack
Aug18

Northern Light Health Foundation Alerts 657,392 Donors About Blackbaud Ransomware Attack

The Brewer, ME-based integrated healthcare group, Northern Light Health Foundation, has revealed it has been impacted by the recent ransomware attack on Blackbaud Inc. The databases affected include information about donors, possible donors, and individuals who may have attended a fundraising event in the past. Patient medical records were stored separately and were unaffected. The databases contained the records of 657,392 people....

Read More
Phishing Attack Hits Children’s Hospital in Colorado
Aug10

Phishing Attack Hits Children’s Hospital in Colorado

Children’s Hospital Colorado is contacting 2,553 patients to inform them that some of their protected health information was held in an email account that was accessed by an unauthorized person between April 6-12, 2020. Credentials to access the account were stolen when an employee answered a phishing email. The phishing attack was discovered by the hospital on June 22, 2020 and the account was immediately safeguarded. A review of the...

Read More
PHI of Customers Stolen in Looting Incidents at Cub Pharmacies
Aug03

PHI of Customers Stolen in Looting Incidents at Cub Pharmacies

A pharmacy network has revealed the protected health information of some of its customers has been illegally taken by looters in late May during the period of civil unrest. From May 27-30, 2020, 8 Cub pharmacies in the Minneapolis area were broken into and items were taken such as paperwork containing the protected health information of its customers. Items taken from the clinic included locked safes that contained credit card...

Read More
Rhode Island Health System Hit with $1 Million Fine for Noncompliance with HIPAA Rules
Jul28

Rhode Island Health System Hit with $1 Million Fine for Noncompliance with HIPAA Rules

The Rhode Island non-profit health system, Lifespan Health System Affiliated Covered Entity (Lifespan), has been fined $1,040,000 by the Department of Health and Human Services’ Office for Civil Rights for violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules. Had HIPAA Rules been followed, a data breach of 20,431 healthcare records would have been avoided. Lifespan was investigated by OCR following the...

Read More
Sarrell Regional Dental Center Ransomware Legal Action Thrown Out by Federal Judge
Jul24

Sarrell Regional Dental Center Ransomware Legal Action Thrown Out by Federal Judge

A legal action filed against Sarrell Regional Dental Center for Public Health Inc. in relation to a July 2019 ransomware attack has been thrown out by a Federal judge due to a lack of standing. Sarrell was able to bounce back from the attack and restore its computer systems and data without meeting the ransom demand, although the dental center was forced to shut down for a period of two weeks while its systems were restored. No proof...

Read More
Healthcare Fiscal Management Ransomware Attack Impacts Up to 58,000 People
Jul14

Healthcare Fiscal Management Ransomware Attack Impacts Up to 58,000 People

The Wilmington, NC-based provider of self-pay conversion and insurance eligibility services to hospitals, clinics and physician groups, Healthcare Fiscal Management Inc. (HFMI), has revealed that is was hit by a ransomware attack in which the personal and protected health information of patients of St. Mary’s Health Care System in Athens, GA may have been accessed or obtained by cybercriminals. An unauthorized person obtained access...

Read More
Portals Accessed Using Stolen Credentials of Health Plan Members
Jul03

Portals Accessed Using Stolen Credentials of Health Plan Members

Independence Blue Cross, AmeriHealth HMO, Inc. and AmeriHealth Insurance Company of New Jersey have discovered hackers obtained access to pages in their member portals between March 17, 2020 and April 30, 2020 and may have seen the personal and protected health information of some of their account holders. The range of data possibly accessed included names, member identification numbers, plan type, spending account balances, user...

Read More
Cybercriminal Apprehended & Charged for 2014 UPMC Cyberattack
Jun27

Cybercriminal Apprehended & Charged for 2014 UPMC Cyberattack

The United States Attorney’s Office of the Western District of Pennsylvania has released a statement that confirms a suspect has been arrested and charged in relation to the 2014 hacking of the human resources databases of University of Pennsylvania Medical Center (UPMC). UPMC manages 40 hospitals around 700 outpatient sites and doctors’ offices and employs over 90,000 staff. In January 2014, UPMC discovered a hacker had obtained...

Read More
Another Phishing Attack Impacts University of Utah Health
Jun15

Another Phishing Attack Impacts University of Utah Health

University of Utah Health has been impacted by a new phishing attack, with the most recent attack leading to the exposure of the protected health information (PHI) of 2,700 clients. This is the third phishing attack to be recorded during 2020 by the HHS’ Office for Civil Rights at the University of Utah. Earlier in the year, incidents were recorded on March 21 and April 3 and affected 3,670 and 5,000 patients. In the most recent...

Read More
Illegal Disposal of Patient Records Discovered by St Joseph Health System
Jun07

Illegal Disposal of Patient Records Discovered by St Joseph Health System

St Joseph Health System in North Central Indiana is contacting clients to inform them that a portion of protected health information has been breached and may have been viewed by unauthorized people. The breach did not occur at St Joseph Health, but at one of its business associates. Central Files Inc, a secure record storage service in South Bend, IN, was hired to securely store patient records in compliance with federal and state...

Read More
BJC HealthCare Patients at 19 Hospitals Impacted by Phishing Attack
May30

BJC HealthCare Patients at 19 Hospitals Impacted by Phishing Attack

BJC Healthcare has released that statement that revealed that three of its staff email accounts have been accessed by an unauthorized actor as a result of some workers answering phishing emails. Suspicious activity was uncovered in the staff email accounts on March 6, 2020 and the accounts were immediately locked down. A leading computer forensics company was hired to conduct an investigation which revealed the three accounts had only...

Read More
Ransomware Attack Sees Data Stolen from Magellan Health
May22

Ransomware Attack Sees Data Stolen from Magellan Health

Magellan Health, a Fortune 500 company, has revealed that it has suffered a ransomware attack during April that led to the encryption of files and theft of some employee data. The ransomware attack was first discovered by Magellan Health on April 11, 2020 when files and databases were encrypted. The investigation into the attack showed the hacker had obtained access to its systems when someone replied to a spear phishing email on...

Read More
Saint Francis Healthcare Partners & Florida Internal Medicine Practice Hit by Ransomware Attacks
May15

Saint Francis Healthcare Partners & Florida Internal Medicine Practice Hit by Ransomware Attacks

Saint Francis Healthcare Partners in Connecticut has begun making contact with 38,529 patients to make them aware that a portion of their protected health information may have been stolen by hackers as a result of a “sophisticated cybersecurity incident” that allowed an unauthorized individual to gain access to its email database. The attack took place on December 30, 2019 but it was not until March 20, 2020 that the forensic...

Read More
Tornado Hits Secure Medical Record Facility, Impacting Patients Medical Records
May06

Tornado Hits Secure Medical Record Facility, Impacting Patients Medical Records

Many hospitals have been impacted by a natural disaster that has affected Waupaca, WI-based STAT Informatics Solutions, LLC. STAT provides secure medical record services to a number of healthcare providers. Some the the services include scanning paper files so they can be incorporated into hospital medical record systems. On March 3, 2020, a STAT center in Lebanon, TN was struck by a tornado, which caused widespread damage to the...

Read More
Losses Caused by Data Breaches Lead to Shareholder Suing LabCorp
May03

Losses Caused by Data Breaches Lead to Shareholder Suing LabCorp

A LabCorp shareholder has initiated a legal action against LabCorp and its executives and directors in relation the loss in share value following two cyberattacks experienced by the company in the past year. LabCorp was one of the firms most impacted by the data breach at the medical debt collection company, American Medical Collection Agency (AMCA) in 2019. The records of 10,251,784 patients who used LabCorp’s services were stolen by...

Read More
14,795 Oncology Patients Impacted in Washington University School of Medicine Data Breach
Apr20

14,795 Oncology Patients Impacted in Washington University School of Medicine Data Breach

Washington University School of Medicine is getting in touch with 14,795 oncology patients to inform them that a portion of their protected health information may have been breached in January 2020. An unauthorized person obtained access to the email account of a research supervisor in the Division of Oncology at some point between January 12, 2020 and January 13, 2020 following a response to a phishing email. Upon identification of...

Read More
Ransomware Attack on Andrews Braces Impacts PHI of 16,600 Patients
Apr14

Ransomware Attack on Andrews Braces Impacts PHI of 16,600 Patients

The Sparks, NV orthodontics clinic, Andrews Braces, has suffered a ransomware attack that resulted in the encryption of patient data. The attack was discovered on February 14, 2020, with the subsequent investigation determining the ransomware was downloaded the previous day.The practice contracted a third-party forensic investigator to examine the range and extent of the attack and determine whether patient information had been stolen...

Read More
Brandywine Urology Consultants Ransomware Attack Potentially Impacts Over 113,000 Patients
Apr13

Brandywine Urology Consultants Ransomware Attack Potentially Impacts Over 113,000 Patients

Delaware medial practice Brandywine Urology Consultants has revealed that a ransomware attack on January 25, 2020 led to the encryption of files on its servers and computers. The full extent of the attack was limited and the practice’s electronic medical record system was not impacted. No medical records were exposed or infiltrated in the attack.The practice moved quickly and took steps to address the attack and reduce the harm...

Read More
Healthcare Resource Group & Confido have PHI Exposed in Phishing Attacks
Apr10

Healthcare Resource Group & Confido have PHI Exposed in Phishing Attacks

The pharmacy benefits consulting group Confido has begun alerting 3,600 of its clients’ employees, members, and their dependents, that a portion of their personal information may have been accessed by an unauthorized person who obtained access to an employee’s email account.The email account breach was discovered on December 12, 2020 and an investigation was initiated to determine the scale and extent of the breach. With the help of a...

Read More

Otis R. Bowen Center for Human Services Data Breach Impacts up to 35,800 Patients

The Otis R. Bowen Center for Human Services, an Indiana-based supplier of mental health and addiction recovery healthcare services, has revealed that unauthorized actors have obtained access to the email accounts of two of its staff members. It is not yet known when the email account breaches took place and for how long unauthorized individuals had access to the email accounts. In its website substitute breach alert, The Otis R. Bowen...

Read More
Multiple Data Breaches Reported
Mar28

Multiple Data Breaches Reported

There has been a number of healthcare data breaches made known to the HHS’ Office for Civil Rights (OCR) during the past few weeks. AffordaCare Urgent Care Clinics in Texas was attacked with Maze Ransomware. A report on DataBreaches.net revealed that the cybercriminals obtained 40GB of data prior to encrypting files. Some of the stolen data was published online when AffordaCare refused to pay the ransom. It is not yet known how many...

Read More
Data Breaches Reported at LifeSprk & University of Utah Health
Mar25

Data Breaches Reported at LifeSprk & University of Utah Health

LifeSprk is making contact with 9,000 of its account holders to inform them that a a limited amount of their protected health information may have been illegally accessed or stolen due to a November 2019 phishing attack. On January 17, 2020, the Minnesota-based senior care provider became aware that an unauthorized person had illegally accessed the email account of one of its staff members. The account was quickly secured and a...

Read More
Email Security Breaches at Relation Insurance & Rainbow Hospice Care
Mar09

Email Security Breaches at Relation Insurance & Rainbow Hospice Care

Relational Insurance Inc., an insurance brokerage company operating as Relation Insurance Services of Georgia (RISG), suffered an email security breach in August 2019. An unauthorized person was discovered to have obtained access to the email account of an employee and possibly accessed or copied emails that included protected health information (PHI). The breach was discovered on August 15, 2019 when suspicious activity was noticed...

Read More
Vulnerability in Walgreens Mobile App Secure Messaging Feature Made PHI Accessible
Mar06

Vulnerability in Walgreens Mobile App Secure Messaging Feature Made PHI Accessible

Walgreens has started contacting customers to make them aware that a portion of their protected health information may have been accessed by unauthorized individual due to an error in the personal secure messaging feature of the Walgreens mobile app. The secure messaging app includes a feature that allows registered customers to manage and receive SMS prescription refill notifications and deals and coupons. A vulnerability in the app...

Read More
Final Approval Given for Quest Diagnostics 2016 Data Breach Settlement
Mar03

Final Approval Given for Quest Diagnostics 2016 Data Breach Settlement

A federal judge has given final approval to a settlement in a class action lawsuit filed against the New Jersey-based medical laboratory firm, Quest Diagnostics Inc., in relation to its 2016 data breach. The $195,000 settlement will see up to $325 compensation made available for each person impacted by the breach. On November 26, 2016 hackers obtained access to the Care360 MyQuest mobile app that is used by patients to store and share...

Read More
First HIPAA Penalty of 2020 Announced by HHS’ Office for Civil Rights
Mar02

First HIPAA Penalty of 2020 Announced by HHS’ Office for Civil Rights

The first HIPAA penalty of 2020 has been announced by the Department of Health and Human Services’ Office for Civil Rights (OCR) and has been sanctioned against the medical practice of Steven A. Porter, M.D. The practice has agreed to pay a fine of $100,000 to resolve possible breaches of the HIPAA Security Rule and will implement a corrective action plan to tackle all areas of noncompliance discovered during the compliance audit. Dr....

Read More
Physician Network Affiliated with Boston Children’s Hospital Impacted by Malware Attack
Feb24

Physician Network Affiliated with Boston Children’s Hospital Impacted by Malware Attack

On Monday, February 10, 2020, Pediatric Physicians’ Organization at Children’s (PPOC), a physician group that works with Boston Children’s Hospital, suffered a malware attack that led to a system outage which stopped its 500+ pediatricians, nurse practitioners, and physician assistants from viewing patient data and scheduling appointments. PPOC has around 200 servers, 11 of which were affected by the attack. IT teams at PPOC and...

Read More
2020 Healthcare Data Breach Report
Feb20

2020 Healthcare Data Breach Report

Protenus has released its 2020 healthcare data breach report which shows the past 12 months have been the worst ever in terms of the number of reported breaches. For its 2020 Breach Barometer report, Protenus, in conjunction with databreaches.net, identified more than 572 healthcare data breaches of 500 or more records in 2019, up 48.6% compared to 2018. The number of data breaches affecting the healthcare industry has increased...

Read More
30,000 Patients Impacted by Fondren Orthopedic Group Malware Attack
Feb13

30,000 Patients Impacted by Fondren Orthopedic Group Malware Attack

Fondren Orthopedic Group, an association of private orthopedic surgery practitioners in Houston and the surrounding areas, experienced a cyberattack that affected certain parts of its IT system on November 21, 2019. In a substitute breach notice published on its website, the incident was referred to as a malware attack that damaged the medical records of specific patients. Quick action was taken to limit the infection and its systems...

Read More
16,167 Patients Hit by Hospital Sisters Health System Email Breach
Feb13

16,167 Patients Hit by Hospital Sisters Health System Email Breach

Hospital Sisters Health System has recently found out that an email security breach in August 2019 led to unauthorized people obtaining access to emails and email attachments that included the protected health information of 16,167 patients. Hospital Sisters Health System is a 15-hospital health network serving patients in Illinois and Wisconsin. Between August 6, 2019 and August 9, 2019, unauthorized people obtained access to the...

Read More
Phoenix Children’s Hospital & New York Nursing Center Impacted by Phishing Incident
Feb06

Phoenix Children’s Hospital & New York Nursing Center Impacted by Phishing Incident

A business email compromise (BEC) attack has impacted Village Center for Care dba VillageCare Rehabilitative and Nursing Center (VRNC) and Village Senior Services Corporation dba VillageCareMAX (VCMAX). BEC attacks involve the impersonation of an executive, either using the executive’s actual email account compromised in a previous attack, or by spoofing the executive’s email address. An unauthorized person, pretending to be part of...

Read More
30,000 Patients Affected After Malware Corrupts Medical Records
Feb03

30,000 Patients Affected After Malware Corrupts Medical Records

On November 21, 2019, Fondren Orthopedic Group, an association of private orthopedic surgery practitioners located in Houston and the surrounding areas, were hit by a cyberattack that impacted specific elements of its IT system. In a substitute breach notice published on its website, the incident was referred to as a malware attack that damaged the medical records of specific patients. Swift action was taken to limit the infection and...

Read More
Florida and Texas Healthcare Providers Report Ransomware Attacks
Jan20

Florida and Texas Healthcare Providers Report Ransomware Attacks

One of the most recent developments in the world of cyber crime to the tactic of threat actors to deploy ransomware to encrypt files to stop data access, but also to obtain data and threaten to publish or sell on the stolen data if the huge ransom demands are not met. This new tactic aims at growing the chance of finding victims paying the ransom. The Center for Facial Restoration in Miramar, FL, is one of the biggest healthcare...

Read More
DHS: Citrix Vulnerability Being Exploited Still
Jan16

DHS: Citrix Vulnerability Being Exploited Still

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released an alert in relation to a recently discovered flaw in the Citrix Application Delivery Controller and Citrix Gateway web server appliances. The vulnerability, referred to as CVE-2019-19781, can be exploited via the internet and can make remote execution of arbitrary code on vulnerable appliances possible. The flaw, when exploited,...

Read More
False Allegations of HIPAA Violations Result in Georgia Man Being Charged
Jan14

False Allegations of HIPAA Violations Result in Georgia Man Being Charged

Following the discover of a complex scheme to set up an acquaintance in relation to breaches violations of the Health Insurance Portability and Accountability Act (HIPAA), a Georgia man has been charged. The man in question, 43-year-old Jeffrey Parker, claimed that he was a whistleblower reporting HIPAA breaches committed by a nurse.Mr Parker made the breaches known to the hospital where the person was employed, and official...

Read More
Phishing Attack Leads to Second Lawsuit Against Kalispell Regional Healthcare
Jan13

Phishing Attack Leads to Second Lawsuit Against Kalispell Regional Healthcare

A second lawsuit has been submitted against Kalispell Regional Healthcare in Montana in relation to a May 2019 phishing attack that resulted in the email accounts of some of its employees accessed by hackers. Kalispell Regional Healthcare became aware of the breach on August 28, 2019. The investigation showed that the hackers gained access to staff email accounts on May 24, 2019 and potentially accessed patient data. A forensic...

Read More
Three-Year Insider Breach Discovered at North Ottawa Community Health System
Jan03

Three-Year Insider Breach Discovered at North Ottawa Community Health System

North Ottawa Community Health System (NOCH) has become aware that a staff member at North Ottawa Community Hospital in Grand Haven, MI, viewed the medical records of patients without authorization over a period of three years. This issue was brought to the attention of the health system on October 15 by another employee. A review into the alleged inappropriate access was initiated on October 17 and the employee was suspended pending...

Read More
Up to 15 Million Individuals Potentially Affected by Ransomware Attack on Medical Testing Firm
Dec18

Up to 15 Million Individuals Potentially Affected by Ransomware Attack on Medical Testing Firm

LifeLabs, one of the largest medical testing and diagnostics firms in Canada, has been attacked with ransomware. The attack is believed to have occurred on or before November 1, 2019, although the cyberattack has only recently been announced. After careful consideration, the decision was taken to pay the ransom to recover customer data. The payment was made through a company that specializes in dealing with ransomware attacks. The...

Read More
The Cancer Center of Hawaii Delayed Radiation Therapy for Patients Due to Ransomware Attack
Dec13

The Cancer Center of Hawaii Delayed Radiation Therapy for Patients Due to Ransomware Attack

A ransomware attack took place, on November 5, 2019, on the Cancer Center of Hawaii in Oahu. The attack meant that the Cancer Center to close down its network servers, which meant it was temporarily stopped from providing radiation therapy to clients at Pali Momi Medical Center and St. Francis’ hospital in Liliha. While patient services suffered some disruption, no patient information is thought to have been accessed by the hackers....

Read More
$85,000 HIPAA Right of Access Failures Results in Financial Penalty for Korunda Medical
Dec13

$85,000 HIPAA Right of Access Failures Results in Financial Penalty for Korunda Medical

The Department of Health and Human Services’ Office for Civil Rights has revealed its second enforcement action as part of its HIPAA Right of Access Initiative. Florida-based Korunda Medical has agreed to settle potential fines for the HIPAA Right of Access and will implement a corrective action plan and bring its policies and procedures in line with the obligations of the HIPAA Privacy Rule. In March 2019, OCR was submitted with a...

Read More
Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies
Dec13

Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies

Security researchers at Blackberry Cylance have identified a new variant of Buran ransomware which is being used in targeted attacks on technology and healthcare companies in Europe and the United States. The new ransomware variant was first detected on November 6, 2019. It is written in Delphi and is a member of the VegaLocker and Buran ransomware family. It is believed to be distributed under the ransomware-as-a-service model. The...

Read More
80,000 Patients of Southeastern Minnesota Oral & Maxillofacial Surgery Impacted in Ransomware Attack
Dec12

80,000 Patients of Southeastern Minnesota Oral & Maxillofacial Surgery Impacted in Ransomware Attack

Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) has made it public that a ransomware may have impacted the protected health information of almost 80,000 patients. The attack was first discovered on September 23, 2019. The IT team reacted quickly and secured the compromised server so as to restore the encrypted data. It is not known whether the ransom was paid or if the IT team was able to bring the server back online...

Read More
100 Dental Practices Affected by Ransomware Attack on Managed Service Provider
Dec12

100 Dental Practices Affected by Ransomware Attack on Managed Service Provider

An Englewood, CO-based Complete Technology Solutions (CTS) Colorado IT firm that specializes in supplying managed IT services to over 100 dentist practices has been infiltrated as part of a ransomware attack. Indications are that attack was initiated at the end of November. KrebsonSecurity published a report that revealed CTS was sent request for $700,000  in ransom money. This payment was to be made in order for the keys to unlock...

Read More
Cheyenne Regional Medical Center Experiences Phishing Attack
Dec12

Cheyenne Regional Medical Center Experiences Phishing Attack

Cheyenne Regional Medical Center in Wyoming has recently became aware that patient data may have been illegally obtained due to a phishing attack identified in April. The medical center was made aware of a potential security breach following the detection of suspicious activity related to staff payroll accounts on or around April 5, 2019. Around a week later, the medical center discovered that employee email accounts had been...

Read More
Sunrise Community Health and Katherine Shaw Bethea Hospital Suffer Phishing Attacks
Dec12

Sunrise Community Health and Katherine Shaw Bethea Hospital Suffer Phishing Attacks

Evans, CO-based Sunrise Community Health has learned that the email accounts of several staff members were compromised due to employees responding to phishing emails. The email accounts were accessed by unauthorized people between September 11, 2019 and November 22, 2019. Assisted by third party company of computer forensics experts, Sunrise Community Health determined on November 5, 2019 that the infiltrated email accounts included...

Read More
Ransomware Attack on IT Company Impacts more than 100 Dental Practices
Dec09

Ransomware Attack on IT Company Impacts more than 100 Dental Practices

More than 100 dental practices have had essential files encrypted as a result of a ransomware attack on an IT service provider. On November 25, 2019, the Englewood, Colorado-based IT firm Complete Technology Solutions (CTS) was attacked and its data was encrypted by Sodinokibi ransomware, aka rEvil. The firm was reportedly issued with a ransom demand of $700,000 in cryptocurrency for the keys to unlock the encrypted files. The firm...

Read More
Ransomware Attack Impacts 107,000 Ferguson Medical Group Patients
Nov24

Ransomware Attack Impacts 107,000 Ferguson Medical Group Patients

Saint Francis Healthcare System has revealed that the computer network of Ferguson Medical Group has been hit by a ransomware attack. The attack took place on September 21, 2019, before Saint Francis Medical Center purchased the Sikeston, MO-based medical group. Saint Francis Healthcare became aware of the ransomware attack on September 21. A notice published on the Saint Francis Healthcare website, the hackers succeeded in encrypting...

Read More
9,800  Employee  Records Potentially Accessed Without Authorization at Former Aegis Medical Group
Nov23

9,800 Employee Records Potentially Accessed Without Authorization at Former Aegis Medical Group

The Florida physician network, Aegis Medical Group, has begun contacting 9,800 patients to advise them that their protected health information may have been obtained and viewed by a former employee. That individual is thought to have tried to sell patient records to third parties thought to have been participating in identity theft and fraud. Aegis Medical Group was contacted by law enforcement agencies on September 11, 2019 in...

Read More
UNC Chapel Hill School of Medicine and Starling Physicians Report Phishing Attacks
Nov20

UNC Chapel Hill School of Medicine and Starling Physicians Report Phishing Attacks

University of North Carolina Chapel Hill School of Medicine has been hit by a phishing attack in which the protected health information of 3,716 patients has potentially been obtained by unauthorized individuals. A review by third-party forensics experts revealed that a number of employee email accounts were compromised between May 17, 2018 and June 18, 2018. It is not obvious when the security breach was first detected. The range of...

Read More
California Addiction Treatment Center Hit by Cyber Attack
Nov16

California Addiction Treatment Center Hit by Cyber Attack

An AWS S3 storage bucket owned by Sunshine Behavioral Health, LLC, a San Juan Capistrano, CA-based organization of drug and alcohol addiction rehabilitation centers, has been misconfigured, leading to the exposure of sensitive patient information. The misconfigured AWS S3 bucket was first reported to databreaches.net in August 2019. Sunshine Behavioral Health was contacted and the bucket was secured; however, the data exposure does...

Read More
Loyola Medicine and Main Street Clinical Associates Report PHI Theft Incidents
Nov14

Loyola Medicine and Main Street Clinical Associates Report PHI Theft Incidents

Main Street Clinical Associates, PA., in Durham, NC has contacted  certain patients that some of their protected health information was stored on devices that were illegally taken from its offices. The theft took place when the Main Street offices had been evacuated due to a bad gas explosion. Workers at the office were ordered to evacuate the building on April 10, 2019 following an explosion in an nearby building. Files and equipment...

Read More
Business Associate Phishing Attack Impacts TennCare and Florida Blue Members
Nov03

Business Associate Phishing Attack Impacts TennCare and Florida Blue Members

More healthcare organizations have revealed they have been impacted by a data breach at Magellan Health National Imaging Associates, a business associate of several HIPAA-covered groups that supply managed pharmacy and radiology benefits services. Danville, PA-located Geisinger Health Plan revealed last month that 5,848 of its account holders had been impacted by the breach and Albuquerque, NM-based Presbyterian Health Plan has...

Read More
Kalispell Regional Healthcare Contacts 140,209 Patients About Phishing Attack
Oct30

Kalispell Regional Healthcare Contacts 140,209 Patients About Phishing Attack

Kalispell Regional Healthcare, located in Montana, is currently getting in touch with around 140,000 patients that some of their protected health information (PHI) was potentially impacted in a security breach over the summer. Kalispell Regional Healthcare runs Kalispell Regional Medical Center, a 138-bed hospital in Kalispell, MT. The breach has impacted the majority of its patients. The breach impacted Kalispell Regional’s email...

Read More
Millions of Patients’ Sensitive Data Found to be Accessible via the Internet
Oct23

Millions of Patients’ Sensitive Data Found to be Accessible via the Internet

Due to the failure of nine companies to secure their medical databases, the sensitive health information of millions of patients has been exposed over the internet. The exposed patient data was found by security experts at WizeCase. The research team, headed by Avishai Efrat, used publicly available tools to search for exposed data that could be obtained without the need for any usernames or passwords. The firm then provides...

Read More
15,982 South Texas Dermatopathology Patients Contacted in Relation to AMCA Data Breach
Oct23

15,982 South Texas Dermatopathology Patients Contacted in Relation to AMCA Data Breach

South Texas Dermatopathology is the most recent victim of the data breach at American Medical Collection Agency (AMCA) to make the breach known to the Department of Health and Human Services Office for Civil Rights (OCR) and alert impacted patients. The breach was published on the OCR breach portal on October 7, 2019 and indicates 15,982 patients have been impacted. AMCA was a business associate of the San Antonio, TX-located medical...

Read More
Shared Network Drives Expose Thousands of Veterans’ Records
Oct19

Shared Network Drives Expose Thousands of Veterans’ Records

A report published by the Department of Veteran Affairs’ Office of Inspector General (VA OIG) audit has revealed that Internal Department of Veteran Affairs (VA) communications, disability claims, and the health information of thousands of veterans have been exposed and could possibly have been accessed by VA employees authorized to view the data. VA OIG completed an audit of the VA’s Milwaukee Regional Office following a call from a...

Read More
Healthcare Data Breach Report for September 2019 Published
Oct11

Healthcare Data Breach Report for September 2019 Published

36 healthcare data breaches of more than 500 records were reported to the Department of Health and Human Services’ Office for Civil Rights, during September, a 26.53% drop in the number of breaches from August. 1,957,168 healthcare records were illegally accessed in those breaches, a rise of 168.11% from August. The massive rise in the number of breached records is largely down to four reported incidents, each of which included...

Read More
Major Disruption to Patient Services at Campbell County Health due to Ransomware Attack
Sep23

Major Disruption to Patient Services at Campbell County Health due to Ransomware Attack

Campbell County Health in Gillette, WY, has experienced a ransomware attack that has shut down hospital systems and is preventing access to patient data. The attack took place in the early hours of Friday September 20, 2019 according to the Department of Health. An investigation into the attack has been initiated and attempts are ongoing to remove the ransomware, restore encrypted files, and bring systems back online; however, at the...

Read More
Phishing Attack on Ramsey County Impacts 117,905 Individuals
Sep20

Phishing Attack on Ramsey County Impacts 117,905 Individuals

Ramsey County has revealed that a phishing attack that took place in August 2018 impacted a great many more individuals than first thought. The victim count has been revised to 117,905 from 599. The original breach report stated the email accounts of 26 staff members were compromised in a phishing attack that took place around August 9, 2018. The attack was identified quickly and the affected accounts were locked down. The individuals...

Read More
Phishing Attacks at Magellan Health Subsidiaries Impact 56,226 Presbyterian Health Plan Subscribers
Sep18

Phishing Attacks at Magellan Health Subsidiaries Impact 56,226 Presbyterian Health Plan Subscribers

Magellan Health, based in Scottsdale, Arizona, has revealed that discovered two of its subsidiaries have experienced phishing attacks that exposed the protected health information of members of Albuquerque, NM-based Presbyterian Health Plan. The phishing attacks were identified by National Imaging Associates and Magellan Healthcare, which both supply services to Presbyterian Health Plan. Both incidents were reported to the Department...

Read More
First HIPAA Violation Case Under 2019 Right of Access Initiative Settled by OCR
Sep16

First HIPAA Violation Case Under 2019 Right of Access Initiative Settled by OCR

Earlier in 2019, the Department of Health and Human Services’ Office for Civil Rights (OCR) revealed that one of the main focuses of HIPAA enforcement in 2019 would be HIPAA right of access failures, including untimely responses to access requests and overcharging for copies of medical data. The HIPAA right of access permits patients to obtain copies of their medical records on request. HIPAA-covered entities must honor those requests...

Read More
UC Health Phishing Attack Affects Multiple Email Accounts
Sep10

UC Health Phishing Attack Affects Multiple Email Accounts

University of Cincinnati Health (UC Health) is looking into a security breach that saw the email accounts of multiple employees accessed by an unauthorized person The attack took place between July 6 and July 12, 2019 and involved ‘a limited number’ of employee email accounts. A review of the compromised email accounts revealed they included patients’ names, birth dates, medical record numbers, and some clinical data. A deep dive...

Read More

13,905 Patients Targeted in Artesia General Hospital Phishing Attack

Artesia General Hospital, located in Artesia New Mexico, has stated that protected health information (PHI) of 13,905 patients has been illegally accessed in a planned phishing attack. The breach was discovered when an employee’s email account was seen to have been used to send unauthorized emails. The breach was first noticed on June 18, 2019 and the forensic analysis revealed the account had been accessed by an unauthorized person...

Read More
PHI of 183,000 Patients Exposed in Phishing Attack on Presbyterian Healthcare Services
Aug27

PHI of 183,000 Patients Exposed in Phishing Attack on Presbyterian Healthcare Services

The Albuquerque, NM-based not-for-profit health organization Presbyterian Healthcare Services, has suffered a phishing attack that resulted in the email accounts of several workers subjected to unauthorized access. The phishing attack was noticed by Presbyterian Healthcare Services during June 6, 2019. The breach investigation showed the email accounts were infiltrated a month earlier, on or around May 9, 2019. Upon identification of...

Read More
3,000 Records Potentially Compromised in Rhode Island Healthcare Attack
Aug24

3,000 Records Potentially Compromised in Rhode Island Healthcare Attack

Rhode Island Ear, Nose and Throat Physicians Inc. (RIENT) is contacting 2,943 patients to make them aware that some of their health information was saved on a server which was subjected to unauthorized access on June 19, 2019 when a hacker obtained access to its databases. The breach was discovered the same day and the network was safeguarded. An external computer forensics firm was contracted to assist with the investigation and help...

Read More
10,000 Patients  Have Personal Data Impacted in Massachusetts General Hospital Breach
Aug24

10,000 Patients Have Personal Data Impacted in Massachusetts General Hospital Breach

Massachusetts General Hospital (MGH) has identified that computer applications used by security experts in its Department of Neurology have been infiltrated using unauthorized access. The individual to blame would have been able to access the protected health information of around 10,000 patients. MGH discovered the breach on June 24, 2019 and quickly shut down access to the applications and databases. An investigation was initiated,...

Read More
Researchers Provide Insights into Motivations Behind Healthcare Cyberattacks
Aug22

Researchers Provide Insights into Motivations Behind Healthcare Cyberattacks

A new report from FireEye provides insights into the motivations behind cyberattacks on U.S. healthcare organizations. The report shows patient information is not the only type of sensitive data being sought. There has been a marked increase in cyberattacks on cancer research institutes and medical institutions for the research data they hold. The attacks are being conducted by Advanced Persistent Threat (APT) groups affiliated to...

Read More
Data Breach Exposes Medical Records of Western Connecticut Health Network Patients
Aug22

Data Breach Exposes Medical Records of Western Connecticut Health Network Patients

Nuvance Health has started getting in touch with certain Western Connecticut Health Network (WCHN) patients to make them aware that some of their protected health information has been exposed. On June 11, 2019, WCHN sent a box of medical records to the Connecticut State Department of Public Health. The package was sent using the U.S. Postal Service (USPS), but the package was harmed while on the move, exposing the contents of the...

Read More
Washington Hospital Hit with $1m Ransom Demand
Aug16

Washington Hospital Hit with $1m Ransom Demand

A ransomware attack on an Aberdeen, WA-hospital and associated clinics is still wreaking havoc over two months after the initial attack took place. The cybercriminals have requested $1 million for the keys to unlock the encryption on the captured data. On June 15, 2019, Grays Harbor Community Hospital started noticing IT problems. The attack happened on a Saturday when staffing numbers were low so, at first, the problem was put down...

Read More
Lost Thumb Drive was used to Store PHI of Renown Health Patients
Aug12

Lost Thumb Drive was used to Store PHI of Renown Health Patients

Renown Health, the largest healthcare supplier in Northern Nevada, has started getting in touch with certain patients to make them aware that some of their protected health information (PHI) may have was accessible.Patient information was held in files on a portable storage device (thumb drive) identified as missing on June 30, 2019. An extensive search of the facility was conducted but the thumb drive could not be found. An...

Read More
2019: A Particularly Bad Year for Healthcare Data Breaches
Aug07

2019: A Particularly Bad Year for Healthcare Data Breaches

Cyberattacks on healthcare organizations have continued to increase throughout the first half of 2019 and this year has seen the discovery of the second largest healthcare data breach ever reported. American Medical Collection Agency experienced a cyberattack in which the records of more than 20 million patients were exposed and potentially stolen. It should be no surprise to hear that in terms of both the number of healthcare data...

Read More
AMCA Breach Impacts 2.2 Million Patients  of Clinical Pathology Laboratories
Jul24

AMCA Breach Impacts 2.2 Million Patients of Clinical Pathology Laboratories

It has recently been discovered that the protected health information (PHI) of approximately 2.2 million of patients of Clinical Pathology Laboratories in Texas may have been infiltrated in the data breach at American Medical Collection Agency (AMCA). AMCA supplies debt collection services to many healthcare firms, which necessitates access to the PHI of patients with outstanding bills. A cyberattack on the AMCA payment website...

Read More
AMCA Data Breach Total Nears 25 Million
Jul23

AMCA Data Breach Total Nears 25 Million

The number of healthcare providers confirmed to have been affected by the American Medical Collection Agency (AMCA) data breach has continued to grow over the past week. To date, 18 healthcare providers have made announcements that the protected health information they provided to AMCA has been exposed. AMCA is a collection agency that works with several healthcare organizations and recovers unpaid medical bills. In March 2019,...

Read More
25,000 Adirondack Health Patients Hit by Email Account Hack
Jul21

25,000 Adirondack Health Patients Hit by Email Account Hack

Vermont-based Adirondack Health is getting in touch with around 25,000 patients that some of their protected health information has potentially been obtained by a cyber criminal. Information such as patients’ names, dates of birth, Medicare ID numbers or health insurance member numbers, and limited treatment and/or clinical information. A smaller subset of patients also had their Social Security number accessible. Adirondack Health is...

Read More
14,591 DHS Patients have PHI Compromised in Phishing Attack on California Business Associate
Jul16

14,591 DHS Patients have PHI Compromised in Phishing Attack on California Business Associate

Nemadji Research Corporation, an outfit working with California Reimbursement Enterprises, has revealed that an unauthorized person obtained access to the email account of a staff emmber and may have viewed or copied the protected health information (PHI). California Reimbursement Enterprises is a business associate of several healthcare centers and hospitals in California and operates to provide a patient eligibility and billing...

Read More
Tennessee Hospice Phishing Attack may have Impacted Sensitive Data
Jul12

Tennessee Hospice Phishing Attack may have Impacted Sensitive Data

A provider of end-of-life care, palliative care, bereavement support and community education based in Alive Hospice in Nashville, Tennessee has revealed  that the email account of a staff member was infiltrated during May 2019. On May 6, 2019, suspicious activity was noticed  in a staff member’s account. The password for the account was quickly amended and an investigation was launched into the cause of the violation. The...

Read More
Unauthorized Use of PHI as Teaching Tool Leads to Legal Action by Student
Jul08

Unauthorized Use of PHI as Teaching Tool Leads to Legal Action by Student

A medical student at Marshall University is suing the institution, along with Cabell Huntington Hospital, in relation to the unauthorized sharing of some of his protected health information (PHI) to a class of students. The student, who is referred to only as as J.M.A in the lawsuit, alleges that his x-rays were used as a teaching tool by a professor at Marshall University Joan C. Edwards School of Medicine, but information...

Read More
California and Illinois Clinics Discover Ransomware Attacks
Jun26

California and Illinois Clinics Discover Ransomware Attacks

Quantum Vision Centers and Eye Surgery Center patients located in Illinois are being contact to make them aware that some of their protected health information may have been illegally obtained in an April 2019 ransomware attack. An unauthorized person obtained access to certain Quantum systems and deployed ransomware on April 18, 2019. The ransomware encrypted files, some of which included data such as names, dates of birth,...

Read More
645,000 Clients of Oregon Department of Human Services Alerted Regarding Phishing Breach
Jun22

645,000 Clients of Oregon Department of Human Services Alerted Regarding Phishing Breach

The Oregon Department of Human Services (ODHS) is making contact with 645,000 clients to advise them that some of their personal information may have been compromised due to a phishing attack.The targeted attack kicked off on January 9, 2019 and lead to 9 ODHS employees clicking on links in emails and disclosing their login details. ODHS and the Department of Administrative Services Enterprise Security Office noticed the breach on...

Read More
Two Maryland Healthcare Providers Affected by Potential Breach at Meditab Software
Jun21

Two Maryland Healthcare Providers Affected by Potential Breach at Meditab Software

In Maryland two healthcare providers have been impacted by a possible data breach that took place at their business associate, Meditab Software Inc.Meditab supplies EMR and practice management software to healthcare providers and its systems include patient data. In March 2019, Meditab found some protected health information (PHI) had been left unsecured. Meditab had established a portal to view statistics for its Fax Cloud services....

Read More
Phishing Breach Notifications Sent to 645,000 Clients of Oregon Department of Human Services
Jun10

Phishing Breach Notifications Sent to 645,000 Clients of Oregon Department of Human Services

The Oregon Department of Human Services (ODHS) is making contact with 645,000 clients to advise them that a portion of their personal information was possibly impacted due to a phishing attack. The phishing attack took place beginning on January 9, 2019 and lead to nine ODHS members of staff visiting links in emails and disclosing their login details. ODHS and the Department of Administrative Services Enterprise Security Office...

Read More
Misconfigured ElasticSearch Server at University of Chicago Medicine Exposed Over 1.68M Records
Jun07

Misconfigured ElasticSearch Server at University of Chicago Medicine Exposed Over 1.68M Records

It has been revealed that University of Chicago Medicine has discovered more than 1.68 million of its records have been exposed due to a misconfigured server. The records were saved on a misconfigured ElasticSearch server which had mistakenly had protections removed allowing it to be accessed over the internet without the requirement for any authentication. The misconfiguration permitted a database to be accessed which included...

Read More
AMCA Breach Affects Almost 7.7 Million Patients
Jun06

AMCA Breach Affects Almost 7.7 Million Patients

After reports that the data breach at American Medical Collection Agency (AMCA) impacted the records of 11.9 million Quest Diagnostics patients, comes revelation that another healthcare company that has been impacted by the breach. On June 4, 2019, LabCorp, a different nationwide group of blood testing centers, announced that 7.7 million people whose blood samples were processed by the company may have had their sensitive information...

Read More
LabCorp Impacted by AMCA Data Breach: Up to 7.7 Million Customers Affected
Jun05

LabCorp Impacted by AMCA Data Breach: Up to 7.7 Million Customers Affected

A day after Quest Diagnostics confirmed 11.9 million of its customers have been affected by a cyberattack on American Medical Collection Agency (AMCA) comes news that a rival network of blood testing laboratories has also been impacted. LabCorp also uses AMCA’s billings collection services and the data of its customers has also been exposed. In a recent U.S. Securities and Exchange Commission (SEC) filing, LabCorp states that it...

Read More
Sensitive Information of 11.9 Million Quest Diagnostics Patients Compromised
Jun04

Sensitive Information of 11.9 Million Quest Diagnostics Patients Compromised

Quest Diagnostics, one of the leading medical laboratories and blood testing companies in the United States, has been affected by a data breach at one of its vendors. That breach has resulted in the exposure and potential theft of almost 12 million individuals’ personal, medical, and financial information. According to a recent U.S. Securities and Exchange Commission (SEC) filing, Quest Diagnostics was notified of a data breach at the...

Read More