25,000 Patients Contacted About Lake County Health Department Data Breaches
Jul22

25,000 Patients Contacted About Lake County Health Department Data Breaches

The personal and protected health information of approximately 25,000 patients has potentially been impacted in two separate data breaches according to the Lake County Health Department in Illinois . The initial breach took place during 2019 when a Lake County Health member of staff sent an unencrypted email from their corporate email address to an internal employee’s personal email account. The email in question included a...

Read More
REvil Ransomware Attack Impacts University Medical Center of Southern Nevada
Jun29

REvil Ransomware Attack Impacts University Medical Center of Southern Nevada

A ransomware attack on the University Medical Center of Southern Nevada (UMC) has resulted in an amount of patient data being stolen. The clinic released a statement saying it discovered suspicious activity on its network in June and moved swiftly to mitigate the attack by limiting access to its servers and databases. A review of the incident is ongoing and the relevant law enforcement agencies have been made aware of the attack. To...

Read More
Lawsuit Filed Against Humana & Cotiviti Following 63,000+ Record Data Breach
Jun14

Lawsuit Filed Against Humana & Cotiviti Following 63,000+ Record Data Breach

Following the discovery of a data breach in December 2020, the health insurance and healthcare provider Humana and its business associate Cotiviti are facing legal action. A lawsuit was filed naming both companies on May 26, 2021 in the U.S. District Court for the Western District of Kentucky. The lawsuit alleges Humana mismanaged the records of members of its health insurance plans. The group had outsourced the duty of processing...

Read More
Phishing Attack Affects Up to 34,862 Lafourche Medical Group Patients
Jun11

Phishing Attack Affects Up to 34,862 Lafourche Medical Group Patients

34,862 patients of Lafourche Medical Group, a Louisiana-based urgent care center operator, have been made aware that a security incident may have resulted in a portion of their of their protected health information being compromised. Lafourche Medical Group learned in March 2021 that an external accountant had replied to a phishing email that claimed to have been sent by one of the owners of Lafourche Medical Group. responding to the...

Read More
Patients of Rehoboth McKinley Christian Health Care Services Informed of February 2021 Ransomware Attack
May23

Patients of Rehoboth McKinley Christian Health Care Services Informed of February 2021 Ransomware Attack

Rehoboth McKinley Christian Health Care Services (RMCHCS) has contacted patients to make them aware of a ransomware attack that hit the organization during February 2021 which may have compromised their protected health information (PHI). The breach has been reported to the HHS’ Office for Civil Rights as affecting 207,195 individuals. It was discovered that Conti ransomware hackers conducted the attack in February and stole a range...

Read More
330K Patients Impacted in Ransomware Attack on New York Medical Group
May15

330K Patients Impacted in Ransomware Attack on New York Medical Group

Orthopedic Associates of Dutchess County has revealed that the protected health information (PHI) of some of its clients may have been impacted during a recent cyberattack. The New York medical group first noticed the security breach when suspicious activity was identified on its systems on March 5, 2021. Following this discovery, a review of the incident confirmed that systems had been accessed on or around March 1, 2021 by...

Read More
Data Breach Impacts Records of 200,000 Military Veterans
May14

Data Breach Impacts Records of 200,000 Military Veterans

Online security expert Jeremiah Fowler has discovered an online database holding the protected health information (PHI) of approximately 200,000 U.S. military veterans was accessible until the issue was mitigated on April 18 of this year. The database was being used to store veterans’ identities, birth dates, contact details, medical data, appointment dates, unencrypted password details, and billing information. Access could be gained...

Read More
HHS Information Blocking Regulations Now in Effect
Apr16

HHS Information Blocking Regulations Now in Effect

Created by the Department of Health and Human Services as part of the 21st Century Cures Act, the information blocking regulations are now in effect and are enforceable. The final rule described information blocking and introduced penalties for providers and certified health IT vendors who participate in activities that interfere with the access, transfer, and use of electronic health information (EHI). The final rule also established...

Read More
HIPAA Breaches at Montefiore Medical Center & Belden
Apr16

HIPAA Breaches at Montefiore Medical Center & Belden

It has been discovered that another Montefiore Medical Center employee has accessed patient information with no work reason for doing. It was made public that, during February 2020, a member of staff had accessed medical records without authorization over a period of five months in 2020 while another employee was found to have stolen the PHI of around 4,000 patients between January 2018 and July 2020. The most recent discovery...

Read More
Ransomware Attack on Home Healthcare Service Provider Affects 753,000 Individuals
Apr03

Ransomware Attack on Home Healthcare Service Provider Affects 753,000 Individuals

753,107 patients of NY-based provider of home health services Personal Touch Holding Corp are being made aware that a breach of their protected health information may have occurred. On January 27, 2021, Personal Touch was made aware that it had been impacted by a cyberattack that infiltrated its private cloud hosted by its managed service providers. The hackers encrypted the cloud-stored business files of Personal Touch and 29 of its...

Read More
New Jersey Plastic Surgery Practice Pays $30K to OCR Settle HIPAA Right of Access Case
Mar29

New Jersey Plastic Surgery Practice Pays $30K to OCR Settle HIPAA Right of Access Case

The HHS’ Office for Civil Rights (OCR) has revealed a settlement has been agreed with Ridgewood, NJ-based Village Plastic Surgery to resolve a potential breach of the HIPAA Right of Access provision of the HIPAA Privacy Rule. As per the terms of the settlement, Village Plastic Surgery will pay a $30,000 fine and will implement a corrective action plan that includes the creation of policies and processes covering patient medical record...

Read More
Multiple Lawsuits Filed by Victims of Accellion Ransomware Attack
Mar22

Multiple Lawsuits Filed by Victims of Accellion Ransomware Attack

The number of healthcare groups to reveal that they have been impacted by the ransomware attack on Accellion has grown, with two of the most recent victims listed as Trillium Community Health Plan and Arizona Complete Health. In December 2020, unauthorized people targeted zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance platform and illegally removed data of its customers before deploying CLOP ransomware....

Read More
AMCA Medical Debt Collection Agency Settles Multistate Action over 21 Million-Record Data Breach
Mar15

AMCA Medical Debt Collection Agency Settles Multistate Action over 21 Million-Record Data Breach

A settlement has been reached between a coalition of 41 state Attorneys General and American Medical Collection Agency (AMCA) to resolve a case stemming from a data breach involving the protected health information of 21 million Americans. The data breach was the largest healthcare data breach to be reported in 2019. AMCA specializes in small debt collections from patients of medical testing facilities. From August 1, 2018 until March...

Read More
AllyAlign Health Ransomware Attack Impacts Tens of Thousands of Patients
Mar04

AllyAlign Health Ransomware Attack Impacts Tens of Thousands of Patients

Following an attempted ransomware attack that took place November 13, 2020, AllyAlign Health breach alerts have been sent to make members and providers aware of the privacy violation. According to the breach notification letters sent to affected individuals, the Glen Allen, VA-based Medicare Advantage health plan administrator discovered the attack on November 14, 2020. A review of the incident found the systems infiltrated by the...

Read More
Harvard Eye Associates Pays Ransom to Recover Healthcare Data Stolen in Hacking Incident
Feb22

Harvard Eye Associates Pays Ransom to Recover Healthcare Data Stolen in Hacking Incident

In California, Laguna Hills-based Harvard Eye Associates has been affected by a cyberattack on its online storage vendor and the protected health information (PHI) of 29,982 patients could possibly have been stolen. The storage vendor made Harvard Eye Associates aware, on January 15, 2021, that cybercriminals had obtained access to its computer databases and stole data. While it was not known if files were encrypted to prevent access,...

Read More
US Healthcare Data Breach Report Shows Breaches Increased by 55% In 2020
Feb18

US Healthcare Data Breach Report Shows Breaches Increased by 55% In 2020

An analysis of 2020 healthcare data breaches has been conducted by Bitglass that shows the extent to which the healthcare industry was targeted by hackers. There was a sharp increase in hacking and IT incidents in 2019 and that trend continued in 2020 when 67% of all reported healthcare data breaches were the result of hacking/IT incidents. The healthcare records of 24.1 million individuals were exposed in those breaches – 91% of all...

Read More
US Fertility Facing Class Action Lawsuit Filed Over Ransomware Attack
Feb09

US Fertility Facing Class Action Lawsuit Filed Over Ransomware Attack

Following a September 2020 ransomware attack and data breach that impacted 878,550 people, US Fertility is now facing a class action lawsuit for allowing it to occur. US Fertility is one of the largest providers of support services to infertility clinics in the United States. The company discovered on September 14, 2020 that ransomware had been used to encrypt files and its databases. The investigation showed that the cybercriminals...

Read More
Florida Medicaid Applicants’ PHI Impacted in Seven-Year Breach
Feb05

Florida Medicaid Applicants’ PHI Impacted in Seven-Year Breach

It has been discovered by the Tallahassee, FL-based Medicaid health plan, Florida Healthy Kids Corporation, that its web hosting provider failed to address vulnerabilities which were targeted by hackers to obtain access to its web portal and the protected health information of those applying for membership since 2013. Florida Healthy Kids had an agreement with Jelly Bean Communications Design, LLC to arrange the hosting of its...

Read More
2020 Saw 560 U.S. Healthcare Facilities Affected by Ransomware
Jan25

2020 Saw 560 U.S. Healthcare Facilities Affected by Ransomware

During 2020 – according to the latest State of Ransomware report from the New Zealand-based cybersecurity firm Emsisoft – healthcare, education, and government entities were the main focus of ransomware threat groups with 2,354 attacks being registered. Towards the end of 2019 ransomware was being extensively used in cyberattacks on the healthcare industry. The attacks dwindled in the first half of 2020 but rose...

Read More
Hackers Altered Stolen Pfizer Vaccine Documentation Prior to Publication
Jan18

Hackers Altered Stolen Pfizer Vaccine Documentation Prior to Publication

In November 2020, hackers gained access to a server used by the European Medicines Agency (EMA), the drug and vaccine regulator in the European Union, and stole data on the Pfizer/BioNTech vaccine candidate.  Last week, the EMA announced that the hackers had publicly released the documentation on hacking forums, but a new alert warns that the documentation was manipulated prior to release. The stolen data included information...

Read More
Healthcare Sector Cyberattacks Have Increased by 45% in the Past 2 Months
Jan14

Healthcare Sector Cyberattacks Have Increased by 45% in the Past 2 Months

A recent joint CISA, FBI, and HHS cybersecurity alert warned that the healthcare sector was being targeted by threat actors who were deploying ransomware. Attacks are being conducted by several threat actors using a range of different ransomware variants, including Ryuk and Conti. A new report recently published by Check Point shows that since the alert was issued, cyberattacks on the healthcare sector have continued to increase. From...

Read More
Ransomware Attack Impacts Lake Region Healthcare
Jan13

Ransomware Attack Impacts Lake Region Healthcare

On December 22, 2020, Minnesota-based Lake Region Healthcare discovered ransomware had been deployed on its network and the attackers gained access to its databases. The attack caused disruption to daily processes and procedures at its offices in Fergus Falls, Battle Lake, Ashby, and Barnesville. They moved swiftly to mitigate the attack and implemented their downtime procedures that had been developed for situations such as...

Read More
Ransomware Attacks on Healthcare Organizations Continue to Rise with Ryuk the Biggest Threat
Jan06

Ransomware Attacks on Healthcare Organizations Continue to Rise with Ryuk the Biggest Threat

Cyberattacks on healthcare organizations have continued to increase over the past two months, according to research conducted by cybersecurity firm Check Point, and ransomware is now the biggest malware threat. In October, a joint security advisory was issued by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warning the...

Read More
Wilmington Surgical Associates Ransomware Attack Impacts Over 14,000 Patients
Jan02

Wilmington Surgical Associates Ransomware Attack Impacts Over 14,000 Patients

The NetWalker ransomware group has claimed it is behind a ransomware attack that took place on the North Carolina-based surgical center, Wilmington Surgical Associates in October 2020. The group say that they illegally accessed and removed around 13GB of data before launching NetWalker ransomware and encrypting files. The stolen batch of data held thousands of documents containing sensitive data. There has been no breach notification...

Read More

SkyMed Comes to Settlement Agreement with FTC for 2019 Consumer Data Breach

SkyMed has com to a settlement agreement with the Federal Trade Commission (FTC) in the aftermath an audit of its information security practices in relation to a 2019 data breach that exposed consumers’ personal private data. The Nevada-based emergency services provider was made aware by security expert Jeremiah Fowler in 2019 that it had an improperly configured Elasticsearch database that was leaking patient private data. The...

Read More
Three Vulnerabilities Identified in Medtronic MyCareLink Smart Patient Readers
Dec19

Three Vulnerabilities Identified in Medtronic MyCareLink Smart Patient Readers

Three critical vulnerabilities have been found in Medtronic MyCareLink (MCL) Smart Patient Readers, which could be exploited by threat actors to gain access to protected health information, modify patient data, and take control of the paired cardiac device. The flaws are present in all versions of the MCL Smart Model 25000 Patient Reader. The first vulnerability, tracked as CVE-2020-25183, is an authentication protocol vulnerability....

Read More
Researchers Find More than 45 Million Medical Images Stored on Unprotected Servers
Dec17

Researchers Find More than 45 Million Medical Images Stored on Unprotected Servers

More than 45 million medical images are currently exposed on unprotected servers and can be accessed freely over the internet without usernames or passwords. The medical images include metadata that includes personal and protected health information, which could be used for a variety of nefarious purposes. The unprotected images, which include MRIs, CT scans, and X-Rays were found by researchers at the CyberAngel Analyst Team, who...

Read More

Meharry Medical College & MEDNAX Services Email Account Breaches Reported

Meharry Medical College located in Nashville, TN, has revealed that an email account breach may have lead to in the illegal access of the protected health information of up to 20,963 patients. The email account breach was  first discovered around July 28, 2020 and was promptly mitigated. External technical experts were brought in to review the breach and discovered that the incident was kept to a single email account. On September 1,...

Read More
U.S. Data Breach Impacts 829,454 Luxottica Patients
Nov17

U.S. Data Breach Impacts 829,454 Luxottica Patients

The largest eyewear firm globally, Luxottica, has had a number of its web portals targeted in a cyberattack that has resulted in a breach of the private data of over 800,000 patients. Luxottica makes designer eyewear for numerous renowned fashion brands and owns many famous eyewear brands such as Ray-Ban. The group also manages the EyeMed vision benefits company and collaborates with LensCrafters, Target Optical, EyeMed, Pearle...

Read More

Saint Francis Healthcare Data Breach Lawsuit Settled for $350,000

In relation to September 2019 ransomware attack on Ferguson Medical Group (FMG), a $350,000 settlement has been reached between Saint Francis Healthcare System and patients impacted by the attack.  FMG was purchased by Saint Francis after a cyberattack resulted in many important records being inaccessible. They tried to retrieve all impacted records via backups, though some were could no be rescued. These files included medical...

Read More
City of New Haven Fined €202,000 for Failure to Terminate Former Employee’s Access Rights
Nov03

City of New Haven Fined €202,000 for Failure to Terminate Former Employee’s Access Rights

In Connecticut the City of New Haven has committed to paying a $203,400 financial penalty to the Department of Health and Human Services’ office for Civil Rights to compensate for a HIPAA violation case.  An OCR investigation was initiated in May 2017 following a receipt of data breach notification originating in New Haven on January 24. OCR investigated if the City of New Haven was responsible for HIPAA violations. Following this...

Read More
Ryuk Ransomware Gang Steps Up Attacks on U.S. Hospitals
Oct30

Ryuk Ransomware Gang Steps Up Attacks on U.S. Hospitals

The U.S Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a warning to healthcare providers and public health agencies of an imminent threat of attacks using Ryuk ransomware. An advisory was issued on October 28, 2020 after credible evidence was uncovered indicating the operators of Ryuk...

Read More
Finnish Psychotherapy Provider and Patients Blackmailed and Threatened with Publication of Sensitive Data
Oct27

Finnish Psychotherapy Provider and Patients Blackmailed and Threatened with Publication of Sensitive Data

A national network of psychotherapy clinics in Finland has suffered a cyberattack in which highly sensitive patient data were stolen. The company was issued with a ransom demand along with a threat to publish the stolen data if payment was not made. The attackers followed through with that threat and have published some of the data stolen in the attack and have also issued ransom demands to individual patients, threatening to disclose...

Read More
Multi-State Breach Investigation Settled with Community Health Systems Paying $5 Million Penalty
Oct16

Multi-State Breach Investigation Settled with Community Health Systems Paying $5 Million Penalty

Tennessee-based Community Health Systems and subsidiary CHSPCS LLC have settled a multiple-state action with 28 state attorneys general for $5 million.  A joint investigation was launched headed by Tennessee Attorney General Herbert. H. Slatery III after a breach of the protected health information (PHI) of 6.1 million people in 2014. At the time, Community Health Systems owned, leased, or operated 206 hospitals. According to a 2014...

Read More
Facilitating or Paying a Ransomware Payment will Lead to Sanctions: US Treasury Department
Oct12

Facilitating or Paying a Ransomware Payment will Lead to Sanctions: US Treasury Department

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has warned that companies that facilitate ransom payments to cybercriminals on behalf of victims of the attacks could face sanctions risks for violating OFAC regulations. Victims of ransomware attacks that pay ransoms to cyber actors could similarly face steep fines from the federal government if it is discovered that the criminals behind the attacks are already...

Read More
Clinical Trial Software Provider Hit with Ransomware Attack
Oct09

Clinical Trial Software Provider Hit with Ransomware Attack

eResearch, a software company from Philadelphia, which sells software used in vital research on Covid-19, was hit with a ransomware attack that has affected many of the company’s clientele, some of which are conducting Covid-19 vaccine trials. In the last year alone, eResearch Technology’s software was used in three quarters of all clinical trials carried out worldwide. The attack took place on September 20, 2020 forcing...

Read More
Some Blackbaud Customers had Sensitive Data Stolen in Ransomware Attack
Oct05

Some Blackbaud Customers had Sensitive Data Stolen in Ransomware Attack

Blackbaud has confirmed in a recent U.S. Securities and Exchange Commission (SEC) Form 8-K filing that the ransomware attack it experienced in May 2020 did not only involve donors’ personal information. Some of its customers also had sensitive information such as bank account details, Social Security numbers, and usernames and passwords exposed or stolen in the attack. When Blackbaud discovered the ransomware attack in May 2020, its...

Read More
Universal Health Services Ransomware Attack Cripples Hospitals Across the United States
Sep29

Universal Health Services Ransomware Attack Cripples Hospitals Across the United States

Universal Health Services (UHS) has suffered a ransomware attack that has taken IT systems out of action across its nationwide network of hospitals. UHS is a Fortune 500 healthcare provider and one of the largest providers of hospital and healthcare services in the United States. UHS has around 400 hospitals and healthcare facilities throughout the United States, Puerto Rico and the UK and had annual revenues of $11.37 billion in...

Read More
Breach of 6 Million Records and Multiple HIPAA Failures Leads to $2.3 Million HIPAA Fine for Business Associate
Sep26

Breach of 6 Million Records and Multiple HIPAA Failures Leads to $2.3 Million HIPAA Fine for Business Associate

The Tennessee-based management company CHSPSC LLC, a supplier of services to a range of different subsidiary hospital operator companies and other affiliates of Community Health Systems, including legal, compliance, accounting, operations, human resources, IT, and health information management services, has been fined $2.3 million in relation to five potential violations of the HIPAA Rules. The fine was made public this week by the...

Read More
7,777 Patients Impacted by Starling Physicians Email Breach
Sep21

7,777 Patients Impacted by Starling Physicians Email Breach

Starling Physicians has begun contacting 7,777 patients to make them aware that a portion of their protected health information may have been accessed by an unauthorized person. The breach was discovered at the beginning of July and an in depth investigation was initiated. No evidence was uncovered to suggest PHI had been illegally accessed, although it was not possible to rule out unauthorized access to data theft. Some of the data...

Read More
Ransomware Attack on Hospital Leads to the Death of a Patient
Sep18

Ransomware Attack on Hospital Leads to the Death of a Patient

A ransomware attack on a German hospital that took critical systems out of action and forced the cancellation of appointments and the temporary closure of its emergency department has led to the death of a patient. On or before September 10, 2020, Düsseldorf University Clinic was attacked with ransomware. The file encryption caused systems to crash and prevented patient information from being accessed. The extent of the encryption and...

Read More
Cyberattack on U.S. Department of Veteran Affairs Impacts 46,000 Veterans
Sep16

Cyberattack on U.S. Department of Veteran Affairs Impacts 46,000 Veterans

The U.S. Department of Veteran Affairs (VA) has announced that the personal and protected health information of approximately 46,000 veterans has potentially been obtained by unauthorized individuals who were attempting to redirect VA payments to community healthcare providers. The attack involved the use of social engineering techniques to obtain credentials for an application used by the VA’s Financial Services Center (FSC), with...

Read More
Five OCR HIPAA Fines for HIPAA Right of Access Failures
Sep16

Five OCR HIPAA Fines for HIPAA Right of Access Failures

The Department of Health and Human Services’ Office for Civil Rights (OCR) has recently agreed to settle five HIPAA compliance cases that were investigated after individuals were denied access to their health information. The HIPAA Privacy Rule gave individuals the right to obtain a copy of their health records from their providers, health insurer, and business associates of those entities. Access must be provided quickly and no later...

Read More
Northern Light Health Foundation Alerts 657,392 Donors About Blackbaud Ransomware Attack
Aug18

Northern Light Health Foundation Alerts 657,392 Donors About Blackbaud Ransomware Attack

The Brewer, ME-based integrated healthcare group, Northern Light Health Foundation, has revealed it has been impacted by the recent ransomware attack on Blackbaud Inc. The databases affected include information about donors, possible donors, and individuals who may have attended a fundraising event in the past. Patient medical records were stored separately and were unaffected. The databases contained the records of 657,392 people....

Read More
Phishing Attack Hits Children’s Hospital in Colorado
Aug10

Phishing Attack Hits Children’s Hospital in Colorado

Children’s Hospital Colorado is contacting 2,553 patients to inform them that some of their protected health information was held in an email account that was accessed by an unauthorized person between April 6-12, 2020. Credentials to access the account were stolen when an employee answered a phishing email. The phishing attack was discovered by the hospital on June 22, 2020 and the account was immediately safeguarded. A review of the...

Read More
PHI of Customers Stolen in Looting Incidents at Cub Pharmacies
Aug03

PHI of Customers Stolen in Looting Incidents at Cub Pharmacies

A pharmacy network has revealed the protected health information of some of its customers has been illegally taken by looters in late May during the period of civil unrest. From May 27-30, 2020, 8 Cub pharmacies in the Minneapolis area were broken into and items were taken such as paperwork containing the protected health information of its customers. Items taken from the clinic included locked safes that contained credit card...

Read More
Rhode Island Health System Hit with $1 Million Fine for Noncompliance with HIPAA Rules
Jul28

Rhode Island Health System Hit with $1 Million Fine for Noncompliance with HIPAA Rules

The Rhode Island non-profit health system, Lifespan Health System Affiliated Covered Entity (Lifespan), has been fined $1,040,000 by the Department of Health and Human Services’ Office for Civil Rights for violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules. Had HIPAA Rules been followed, a data breach of 20,431 healthcare records would have been avoided. Lifespan was investigated by OCR following the...

Read More
Sarrell Regional Dental Center Ransomware Legal Action Thrown Out by Federal Judge
Jul24

Sarrell Regional Dental Center Ransomware Legal Action Thrown Out by Federal Judge

A legal action filed against Sarrell Regional Dental Center for Public Health Inc. in relation to a July 2019 ransomware attack has been thrown out by a Federal judge due to a lack of standing. Sarrell was able to bounce back from the attack and restore its computer systems and data without meeting the ransom demand, although the dental center was forced to shut down for a period of two weeks while its systems were restored. No proof...

Read More
Healthcare Fiscal Management Ransomware Attack Impacts Up to 58,000 People
Jul14

Healthcare Fiscal Management Ransomware Attack Impacts Up to 58,000 People

The Wilmington, NC-based provider of self-pay conversion and insurance eligibility services to hospitals, clinics and physician groups, Healthcare Fiscal Management Inc. (HFMI), has revealed that is was hit by a ransomware attack in which the personal and protected health information of patients of St. Mary’s Health Care System in Athens, GA may have been accessed or obtained by cybercriminals. An unauthorized person obtained access...

Read More
Portals Accessed Using Stolen Credentials of Health Plan Members
Jul03

Portals Accessed Using Stolen Credentials of Health Plan Members

Independence Blue Cross, AmeriHealth HMO, Inc. and AmeriHealth Insurance Company of New Jersey have discovered hackers obtained access to pages in their member portals between March 17, 2020 and April 30, 2020 and may have seen the personal and protected health information of some of their account holders. The range of data possibly accessed included names, member identification numbers, plan type, spending account balances, user...

Read More
Cybercriminal Apprehended & Charged for 2014 UPMC Cyberattack
Jun27

Cybercriminal Apprehended & Charged for 2014 UPMC Cyberattack

The United States Attorney’s Office of the Western District of Pennsylvania has released a statement that confirms a suspect has been arrested and charged in relation to the 2014 hacking of the human resources databases of University of Pennsylvania Medical Center (UPMC). UPMC manages 40 hospitals around 700 outpatient sites and doctors’ offices and employs over 90,000 staff. In January 2014, UPMC discovered a hacker had obtained...

Read More
Another Phishing Attack Impacts University of Utah Health
Jun15

Another Phishing Attack Impacts University of Utah Health

University of Utah Health has been impacted by a new phishing attack, with the most recent attack leading to the exposure of the protected health information (PHI) of 2,700 clients. This is the third phishing attack to be recorded during 2020 by the HHS’ Office for Civil Rights at the University of Utah. Earlier in the year, incidents were recorded on March 21 and April 3 and affected 3,670 and 5,000 patients. In the most recent...

Read More
Illegal Disposal of Patient Records Discovered by St Joseph Health System
Jun07

Illegal Disposal of Patient Records Discovered by St Joseph Health System

St Joseph Health System in North Central Indiana is contacting clients to inform them that a portion of protected health information has been breached and may have been viewed by unauthorized people. The breach did not occur at St Joseph Health, but at one of its business associates. Central Files Inc, a secure record storage service in South Bend, IN, was hired to securely store patient records in compliance with federal and state...

Read More
BJC HealthCare Patients at 19 Hospitals Impacted by Phishing Attack
May30

BJC HealthCare Patients at 19 Hospitals Impacted by Phishing Attack

BJC Healthcare has released that statement that revealed that three of its staff email accounts have been accessed by an unauthorized actor as a result of some workers answering phishing emails. Suspicious activity was uncovered in the staff email accounts on March 6, 2020 and the accounts were immediately locked down. A leading computer forensics company was hired to conduct an investigation which revealed the three accounts had only...

Read More
Ransomware Attack Sees Data Stolen from Magellan Health
May22

Ransomware Attack Sees Data Stolen from Magellan Health

Magellan Health, a Fortune 500 company, has revealed that it has suffered a ransomware attack during April that led to the encryption of files and theft of some employee data. The ransomware attack was first discovered by Magellan Health on April 11, 2020 when files and databases were encrypted. The investigation into the attack showed the hacker had obtained access to its systems when someone replied to a spear phishing email on...

Read More
Saint Francis Healthcare Partners & Florida Internal Medicine Practice Hit by Ransomware Attacks
May15

Saint Francis Healthcare Partners & Florida Internal Medicine Practice Hit by Ransomware Attacks

Saint Francis Healthcare Partners in Connecticut has begun making contact with 38,529 patients to make them aware that a portion of their protected health information may have been stolen by hackers as a result of a “sophisticated cybersecurity incident” that allowed an unauthorized individual to gain access to its email database. The attack took place on December 30, 2019 but it was not until March 20, 2020 that the forensic...

Read More
Tornado Hits Secure Medical Record Facility, Impacting Patients Medical Records
May06

Tornado Hits Secure Medical Record Facility, Impacting Patients Medical Records

Many hospitals have been impacted by a natural disaster that has affected Waupaca, WI-based STAT Informatics Solutions, LLC. STAT provides secure medical record services to a number of healthcare providers. Some the the services include scanning paper files so they can be incorporated into hospital medical record systems. On March 3, 2020, a STAT center in Lebanon, TN was struck by a tornado, which caused widespread damage to the...

Read More
Losses Caused by Data Breaches Lead to Shareholder Suing LabCorp
May03

Losses Caused by Data Breaches Lead to Shareholder Suing LabCorp

A LabCorp shareholder has initiated a legal action against LabCorp and its executives and directors in relation the loss in share value following two cyberattacks experienced by the company in the past year. LabCorp was one of the firms most impacted by the data breach at the medical debt collection company, American Medical Collection Agency (AMCA) in 2019. The records of 10,251,784 patients who used LabCorp’s services were stolen by...

Read More
14,795 Oncology Patients Impacted in Washington University School of Medicine Data Breach
Apr20

14,795 Oncology Patients Impacted in Washington University School of Medicine Data Breach

Washington University School of Medicine is getting in touch with 14,795 oncology patients to inform them that a portion of their protected health information may have been breached in January 2020. An unauthorized person obtained access to the email account of a research supervisor in the Division of Oncology at some point between January 12, 2020 and January 13, 2020 following a response to a phishing email. Upon identification of...

Read More
Ransomware Attack on Andrews Braces Impacts PHI of 16,600 Patients
Apr14

Ransomware Attack on Andrews Braces Impacts PHI of 16,600 Patients

The Sparks, NV orthodontics clinic, Andrews Braces, has suffered a ransomware attack that resulted in the encryption of patient data. The attack was discovered on February 14, 2020, with the subsequent investigation determining the ransomware was downloaded the previous day.The practice contracted a third-party forensic investigator to examine the range and extent of the attack and determine whether patient information had been stolen...

Read More
Brandywine Urology Consultants Ransomware Attack Potentially Impacts Over 113,000 Patients
Apr13

Brandywine Urology Consultants Ransomware Attack Potentially Impacts Over 113,000 Patients

Delaware medial practice Brandywine Urology Consultants has revealed that a ransomware attack on January 25, 2020 led to the encryption of files on its servers and computers. The full extent of the attack was limited and the practice’s electronic medical record system was not impacted. No medical records were exposed or infiltrated in the attack.The practice moved quickly and took steps to address the attack and reduce the harm...

Read More
Healthcare Resource Group & Confido have PHI Exposed in Phishing Attacks
Apr10

Healthcare Resource Group & Confido have PHI Exposed in Phishing Attacks

The pharmacy benefits consulting group Confido has begun alerting 3,600 of its clients’ employees, members, and their dependents, that a portion of their personal information may have been accessed by an unauthorized person who obtained access to an employee’s email account.The email account breach was discovered on December 12, 2020 and an investigation was initiated to determine the scale and extent of the breach. With the help of a...

Read More

Otis R. Bowen Center for Human Services Data Breach Impacts up to 35,800 Patients

The Otis R. Bowen Center for Human Services, an Indiana-based supplier of mental health and addiction recovery healthcare services, has revealed that unauthorized actors have obtained access to the email accounts of two of its staff members. It is not yet known when the email account breaches took place and for how long unauthorized individuals had access to the email accounts. In its website substitute breach alert, The Otis R. Bowen...

Read More
Multiple Data Breaches Reported
Mar28

Multiple Data Breaches Reported

There has been a number of healthcare data breaches made known to the HHS’ Office for Civil Rights (OCR) during the past few weeks. AffordaCare Urgent Care Clinics in Texas was attacked with Maze Ransomware. A report on DataBreaches.net revealed that the cybercriminals obtained 40GB of data prior to encrypting files. Some of the stolen data was published online when AffordaCare refused to pay the ransom. It is not yet known how many...

Read More
Data Breaches Reported at LifeSprk & University of Utah Health
Mar25

Data Breaches Reported at LifeSprk & University of Utah Health

LifeSprk is making contact with 9,000 of its account holders to inform them that a a limited amount of their protected health information may have been illegally accessed or stolen due to a November 2019 phishing attack. On January 17, 2020, the Minnesota-based senior care provider became aware that an unauthorized person had illegally accessed the email account of one of its staff members. The account was quickly secured and a...

Read More
Email Security Breaches at Relation Insurance & Rainbow Hospice Care
Mar09

Email Security Breaches at Relation Insurance & Rainbow Hospice Care

Relational Insurance Inc., an insurance brokerage company operating as Relation Insurance Services of Georgia (RISG), suffered an email security breach in August 2019. An unauthorized person was discovered to have obtained access to the email account of an employee and possibly accessed or copied emails that included protected health information (PHI). The breach was discovered on August 15, 2019 when suspicious activity was noticed...

Read More
Vulnerability in Walgreens Mobile App Secure Messaging Feature Made PHI Accessible
Mar06

Vulnerability in Walgreens Mobile App Secure Messaging Feature Made PHI Accessible

Walgreens has started contacting customers to make them aware that a portion of their protected health information may have been accessed by unauthorized individual due to an error in the personal secure messaging feature of the Walgreens mobile app. The secure messaging app includes a feature that allows registered customers to manage and receive SMS prescription refill notifications and deals and coupons. A vulnerability in the app...

Read More
Final Approval Given for Quest Diagnostics 2016 Data Breach Settlement
Mar03

Final Approval Given for Quest Diagnostics 2016 Data Breach Settlement

A federal judge has given final approval to a settlement in a class action lawsuit filed against the New Jersey-based medical laboratory firm, Quest Diagnostics Inc., in relation to its 2016 data breach. The $195,000 settlement will see up to $325 compensation made available for each person impacted by the breach. On November 26, 2016 hackers obtained access to the Care360 MyQuest mobile app that is used by patients to store and share...

Read More
First HIPAA Penalty of 2020 Announced by HHS’ Office for Civil Rights
Mar02

First HIPAA Penalty of 2020 Announced by HHS’ Office for Civil Rights

The first HIPAA penalty of 2020 has been announced by the Department of Health and Human Services’ Office for Civil Rights (OCR) and has been sanctioned against the medical practice of Steven A. Porter, M.D. The practice has agreed to pay a fine of $100,000 to resolve possible breaches of the HIPAA Security Rule and will implement a corrective action plan to tackle all areas of noncompliance discovered during the compliance audit. Dr....

Read More
Physician Network Affiliated with Boston Children’s Hospital Impacted by Malware Attack
Feb24

Physician Network Affiliated with Boston Children’s Hospital Impacted by Malware Attack

On Monday, February 10, 2020, Pediatric Physicians’ Organization at Children’s (PPOC), a physician group that works with Boston Children’s Hospital, suffered a malware attack that led to a system outage which stopped its 500+ pediatricians, nurse practitioners, and physician assistants from viewing patient data and scheduling appointments. PPOC has around 200 servers, 11 of which were affected by the attack. IT teams at PPOC and...

Read More
2020 Healthcare Data Breach Report
Feb20

2020 Healthcare Data Breach Report

Protenus has released its 2020 healthcare data breach report which shows the past 12 months have been the worst ever in terms of the number of reported breaches. For its 2020 Breach Barometer report, Protenus, in conjunction with databreaches.net, identified more than 572 healthcare data breaches of 500 or more records in 2019, up 48.6% compared to 2018. The number of data breaches affecting the healthcare industry has increased...

Read More
30,000 Patients Impacted by Fondren Orthopedic Group Malware Attack
Feb13

30,000 Patients Impacted by Fondren Orthopedic Group Malware Attack

Fondren Orthopedic Group, an association of private orthopedic surgery practitioners in Houston and the surrounding areas, experienced a cyberattack that affected certain parts of its IT system on November 21, 2019. In a substitute breach notice published on its website, the incident was referred to as a malware attack that damaged the medical records of specific patients. Quick action was taken to limit the infection and its systems...

Read More
16,167 Patients Hit by Hospital Sisters Health System Email Breach
Feb13

16,167 Patients Hit by Hospital Sisters Health System Email Breach

Hospital Sisters Health System has recently found out that an email security breach in August 2019 led to unauthorized people obtaining access to emails and email attachments that included the protected health information of 16,167 patients. Hospital Sisters Health System is a 15-hospital health network serving patients in Illinois and Wisconsin. Between August 6, 2019 and August 9, 2019, unauthorized people obtained access to the...

Read More
Phoenix Children’s Hospital & New York Nursing Center Impacted by Phishing Incident
Feb06

Phoenix Children’s Hospital & New York Nursing Center Impacted by Phishing Incident

A business email compromise (BEC) attack has impacted Village Center for Care dba VillageCare Rehabilitative and Nursing Center (VRNC) and Village Senior Services Corporation dba VillageCareMAX (VCMAX). BEC attacks involve the impersonation of an executive, either using the executive’s actual email account compromised in a previous attack, or by spoofing the executive’s email address. An unauthorized person, pretending to be part of...

Read More
30,000 Patients Affected After Malware Corrupts Medical Records
Feb03

30,000 Patients Affected After Malware Corrupts Medical Records

On November 21, 2019, Fondren Orthopedic Group, an association of private orthopedic surgery practitioners located in Houston and the surrounding areas, were hit by a cyberattack that impacted specific elements of its IT system. In a substitute breach notice published on its website, the incident was referred to as a malware attack that damaged the medical records of specific patients. Swift action was taken to limit the infection and...

Read More
Florida and Texas Healthcare Providers Report Ransomware Attacks
Jan20

Florida and Texas Healthcare Providers Report Ransomware Attacks

One of the most recent developments in the world of cyber crime to the tactic of threat actors to deploy ransomware to encrypt files to stop data access, but also to obtain data and threaten to publish or sell on the stolen data if the huge ransom demands are not met. This new tactic aims at growing the chance of finding victims paying the ransom. The Center for Facial Restoration in Miramar, FL, is one of the biggest healthcare...

Read More
DHS: Citrix Vulnerability Being Exploited Still
Jan16

DHS: Citrix Vulnerability Being Exploited Still

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released an alert in relation to a recently discovered flaw in the Citrix Application Delivery Controller and Citrix Gateway web server appliances. The vulnerability, referred to as CVE-2019-19781, can be exploited via the internet and can make remote execution of arbitrary code on vulnerable appliances possible. The flaw, when exploited,...

Read More
False Allegations of HIPAA Violations Result in Georgia Man Being Charged
Jan14

False Allegations of HIPAA Violations Result in Georgia Man Being Charged

Following the discover of a complex scheme to set up an acquaintance in relation to breaches violations of the Health Insurance Portability and Accountability Act (HIPAA), a Georgia man has been charged. The man in question, 43-year-old Jeffrey Parker, claimed that he was a whistleblower reporting HIPAA breaches committed by a nurse.Mr Parker made the breaches known to the hospital where the person was employed, and official...

Read More
Phishing Attack Leads to Second Lawsuit Against Kalispell Regional Healthcare
Jan13

Phishing Attack Leads to Second Lawsuit Against Kalispell Regional Healthcare

A second lawsuit has been submitted against Kalispell Regional Healthcare in Montana in relation to a May 2019 phishing attack that resulted in the email accounts of some of its employees accessed by hackers. Kalispell Regional Healthcare became aware of the breach on August 28, 2019. The investigation showed that the hackers gained access to staff email accounts on May 24, 2019 and potentially accessed patient data. A forensic...

Read More
Three-Year Insider Breach Discovered at North Ottawa Community Health System
Jan03

Three-Year Insider Breach Discovered at North Ottawa Community Health System

North Ottawa Community Health System (NOCH) has become aware that a staff member at North Ottawa Community Hospital in Grand Haven, MI, viewed the medical records of patients without authorization over a period of three years. This issue was brought to the attention of the health system on October 15 by another employee. A review into the alleged inappropriate access was initiated on October 17 and the employee was suspended pending...

Read More
Up to 15 Million Individuals Potentially Affected by Ransomware Attack on Medical Testing Firm
Dec18

Up to 15 Million Individuals Potentially Affected by Ransomware Attack on Medical Testing Firm

LifeLabs, one of the largest medical testing and diagnostics firms in Canada, has been attacked with ransomware. The attack is believed to have occurred on or before November 1, 2019, although the cyberattack has only recently been announced. After careful consideration, the decision was taken to pay the ransom to recover customer data. The payment was made through a company that specializes in dealing with ransomware attacks. The...

Read More
The Cancer Center of Hawaii Delayed Radiation Therapy for Patients Due to Ransomware Attack
Dec13

The Cancer Center of Hawaii Delayed Radiation Therapy for Patients Due to Ransomware Attack

A ransomware attack took place, on November 5, 2019, on the Cancer Center of Hawaii in Oahu. The attack meant that the Cancer Center to close down its network servers, which meant it was temporarily stopped from providing radiation therapy to clients at Pali Momi Medical Center and St. Francis’ hospital in Liliha. While patient services suffered some disruption, no patient information is thought to have been accessed by the hackers....

Read More
$85,000 HIPAA Right of Access Failures Results in Financial Penalty for Korunda Medical
Dec13

$85,000 HIPAA Right of Access Failures Results in Financial Penalty for Korunda Medical

The Department of Health and Human Services’ Office for Civil Rights has revealed its second enforcement action as part of its HIPAA Right of Access Initiative. Florida-based Korunda Medical has agreed to settle potential fines for the HIPAA Right of Access and will implement a corrective action plan and bring its policies and procedures in line with the obligations of the HIPAA Privacy Rule. In March 2019, OCR was submitted with a...

Read More
Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies
Dec13

Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies

Security researchers at Blackberry Cylance have identified a new variant of Buran ransomware which is being used in targeted attacks on technology and healthcare companies in Europe and the United States. The new ransomware variant was first detected on November 6, 2019. It is written in Delphi and is a member of the VegaLocker and Buran ransomware family. It is believed to be distributed under the ransomware-as-a-service model. The...

Read More
80,000 Patients of Southeastern Minnesota Oral & Maxillofacial Surgery Impacted in Ransomware Attack
Dec12

80,000 Patients of Southeastern Minnesota Oral & Maxillofacial Surgery Impacted in Ransomware Attack

Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) has made it public that a ransomware may have impacted the protected health information of almost 80,000 patients. The attack was first discovered on September 23, 2019. The IT team reacted quickly and secured the compromised server so as to restore the encrypted data. It is not known whether the ransom was paid or if the IT team was able to bring the server back online...

Read More
100 Dental Practices Affected by Ransomware Attack on Managed Service Provider
Dec12

100 Dental Practices Affected by Ransomware Attack on Managed Service Provider

An Englewood, CO-based Complete Technology Solutions (CTS) Colorado IT firm that specializes in supplying managed IT services to over 100 dentist practices has been infiltrated as part of a ransomware attack. Indications are that attack was initiated at the end of November. KrebsonSecurity published a report that revealed CTS was sent request for $700,000  in ransom money. This payment was to be made in order for the keys to unlock...

Read More
Cheyenne Regional Medical Center Experiences Phishing Attack
Dec12

Cheyenne Regional Medical Center Experiences Phishing Attack

Cheyenne Regional Medical Center in Wyoming has recently became aware that patient data may have been illegally obtained due to a phishing attack identified in April. The medical center was made aware of a potential security breach following the detection of suspicious activity related to staff payroll accounts on or around April 5, 2019. Around a week later, the medical center discovered that employee email accounts had been...

Read More
Sunrise Community Health and Katherine Shaw Bethea Hospital Suffer Phishing Attacks
Dec12

Sunrise Community Health and Katherine Shaw Bethea Hospital Suffer Phishing Attacks

Evans, CO-based Sunrise Community Health has learned that the email accounts of several staff members were compromised due to employees responding to phishing emails. The email accounts were accessed by unauthorized people between September 11, 2019 and November 22, 2019. Assisted by third party company of computer forensics experts, Sunrise Community Health determined on November 5, 2019 that the infiltrated email accounts included...

Read More
Ransomware Attack on IT Company Impacts more than 100 Dental Practices
Dec09

Ransomware Attack on IT Company Impacts more than 100 Dental Practices

More than 100 dental practices have had essential files encrypted as a result of a ransomware attack on an IT service provider. On November 25, 2019, the Englewood, Colorado-based IT firm Complete Technology Solutions (CTS) was attacked and its data was encrypted by Sodinokibi ransomware, aka rEvil. The firm was reportedly issued with a ransom demand of $700,000 in cryptocurrency for the keys to unlock the encrypted files. The firm...

Read More
Ransomware Attack Impacts 107,000 Ferguson Medical Group Patients
Nov24

Ransomware Attack Impacts 107,000 Ferguson Medical Group Patients

Saint Francis Healthcare System has revealed that the computer network of Ferguson Medical Group has been hit by a ransomware attack. The attack took place on September 21, 2019, before Saint Francis Medical Center purchased the Sikeston, MO-based medical group. Saint Francis Healthcare became aware of the ransomware attack on September 21. A notice published on the Saint Francis Healthcare website, the hackers succeeded in encrypting...

Read More
9,800  Employee  Records Potentially Accessed Without Authorization at Former Aegis Medical Group
Nov23

9,800 Employee Records Potentially Accessed Without Authorization at Former Aegis Medical Group

The Florida physician network, Aegis Medical Group, has begun contacting 9,800 patients to advise them that their protected health information may have been obtained and viewed by a former employee. That individual is thought to have tried to sell patient records to third parties thought to have been participating in identity theft and fraud. Aegis Medical Group was contacted by law enforcement agencies on September 11, 2019 in...

Read More
UNC Chapel Hill School of Medicine and Starling Physicians Report Phishing Attacks
Nov20

UNC Chapel Hill School of Medicine and Starling Physicians Report Phishing Attacks

University of North Carolina Chapel Hill School of Medicine has been hit by a phishing attack in which the protected health information of 3,716 patients has potentially been obtained by unauthorized individuals. A review by third-party forensics experts revealed that a number of employee email accounts were compromised between May 17, 2018 and June 18, 2018. It is not obvious when the security breach was first detected. The range of...

Read More
California Addiction Treatment Center Hit by Cyber Attack
Nov16

California Addiction Treatment Center Hit by Cyber Attack

An AWS S3 storage bucket owned by Sunshine Behavioral Health, LLC, a San Juan Capistrano, CA-based organization of drug and alcohol addiction rehabilitation centers, has been misconfigured, leading to the exposure of sensitive patient information. The misconfigured AWS S3 bucket was first reported to databreaches.net in August 2019. Sunshine Behavioral Health was contacted and the bucket was secured; however, the data exposure does...

Read More
Loyola Medicine and Main Street Clinical Associates Report PHI Theft Incidents
Nov14

Loyola Medicine and Main Street Clinical Associates Report PHI Theft Incidents

Main Street Clinical Associates, PA., in Durham, NC has contacted  certain patients that some of their protected health information was stored on devices that were illegally taken from its offices. The theft took place when the Main Street offices had been evacuated due to a bad gas explosion. Workers at the office were ordered to evacuate the building on April 10, 2019 following an explosion in an nearby building. Files and equipment...

Read More
Business Associate Phishing Attack Impacts TennCare and Florida Blue Members
Nov03

Business Associate Phishing Attack Impacts TennCare and Florida Blue Members

More healthcare organizations have revealed they have been impacted by a data breach at Magellan Health National Imaging Associates, a business associate of several HIPAA-covered groups that supply managed pharmacy and radiology benefits services. Danville, PA-located Geisinger Health Plan revealed last month that 5,848 of its account holders had been impacted by the breach and Albuquerque, NM-based Presbyterian Health Plan has...

Read More
Kalispell Regional Healthcare Contacts 140,209 Patients About Phishing Attack
Oct30

Kalispell Regional Healthcare Contacts 140,209 Patients About Phishing Attack

Kalispell Regional Healthcare, located in Montana, is currently getting in touch with around 140,000 patients that some of their protected health information (PHI) was potentially impacted in a security breach over the summer. Kalispell Regional Healthcare runs Kalispell Regional Medical Center, a 138-bed hospital in Kalispell, MT. The breach has impacted the majority of its patients. The breach impacted Kalispell Regional’s email...

Read More
Millions of Patients’ Sensitive Data Found to be Accessible via the Internet
Oct23

Millions of Patients’ Sensitive Data Found to be Accessible via the Internet

Due to the failure of nine companies to secure their medical databases, the sensitive health information of millions of patients has been exposed over the internet. The exposed patient data was found by security experts at WizeCase. The research team, headed by Avishai Efrat, used publicly available tools to search for exposed data that could be obtained without the need for any usernames or passwords. The firm then provides...

Read More
15,982 South Texas Dermatopathology Patients Contacted in Relation to AMCA Data Breach
Oct23

15,982 South Texas Dermatopathology Patients Contacted in Relation to AMCA Data Breach

South Texas Dermatopathology is the most recent victim of the data breach at American Medical Collection Agency (AMCA) to make the breach known to the Department of Health and Human Services Office for Civil Rights (OCR) and alert impacted patients. The breach was published on the OCR breach portal on October 7, 2019 and indicates 15,982 patients have been impacted. AMCA was a business associate of the San Antonio, TX-located medical...

Read More
Shared Network Drives Expose Thousands of Veterans’ Records
Oct19

Shared Network Drives Expose Thousands of Veterans’ Records

A report published by the Department of Veteran Affairs’ Office of Inspector General (VA OIG) audit has revealed that Internal Department of Veteran Affairs (VA) communications, disability claims, and the health information of thousands of veterans have been exposed and could possibly have been accessed by VA employees authorized to view the data. VA OIG completed an audit of the VA’s Milwaukee Regional Office following a call from a...

Read More
Healthcare Data Breach Report for September 2019 Published
Oct11

Healthcare Data Breach Report for September 2019 Published

36 healthcare data breaches of more than 500 records were reported to the Department of Health and Human Services’ Office for Civil Rights, during September, a 26.53% drop in the number of breaches from August. 1,957,168 healthcare records were illegally accessed in those breaches, a rise of 168.11% from August. The massive rise in the number of breached records is largely down to four reported incidents, each of which included...

Read More