7,777 Patients Impacted by Starling Physicians Email Breach
Sep21

7,777 Patients Impacted by Starling Physicians Email Breach

Starling Physicians has begun contacting 7,777 patients to make them aware that a portion of their protected health information may have been accessed by an unauthorized person. The breach was discovered at the beginning of July and an in depth investigation was initiated. No evidence was uncovered to suggest PHI had been illegally accessed, although it was not possible to rule out unauthorized access to data theft. Some of the data...

Read More
Ransomware Attack on Hospital Leads to the Death of a Patient
Sep18

Ransomware Attack on Hospital Leads to the Death of a Patient

A ransomware attack on a German hospital that took critical systems out of action and forced the cancellation of appointments and the temporary closure of its emergency department has led to the death of a patient. On or before September 10, 2020, Düsseldorf University Clinic was attacked with ransomware. The file encryption caused systems to crash and prevented patient information from being accessed. The extent of the encryption and...

Read More
Cyberattack on U.S. Department of Veteran Affairs Impacts 46,000 Veterans
Sep16

Cyberattack on U.S. Department of Veteran Affairs Impacts 46,000 Veterans

The U.S. Department of Veteran Affairs (VA) has announced that the personal and protected health information of approximately 46,000 veterans has potentially been obtained by unauthorized individuals who were attempting to redirect VA payments to community healthcare providers. The attack involved the use of social engineering techniques to obtain credentials for an application used by the VA’s Financial Services Center (FSC), with...

Read More
Five OCR HIPAA Fines for HIPAA Right of Access Failures
Sep16

Five OCR HIPAA Fines for HIPAA Right of Access Failures

The Department of Health and Human Services’ Office for Civil Rights (OCR) has recently agreed to settle five HIPAA compliance cases that were investigated after individuals were denied access to their health information. The HIPAA Privacy Rule gave individuals the right to obtain a copy of their health records from their providers, health insurer, and business associates of those entities. Access must be provided quickly and no later...

Read More
Northern Light Health Foundation Alerts 657,392 Donors About Blackbaud Ransomware Attack
Aug18

Northern Light Health Foundation Alerts 657,392 Donors About Blackbaud Ransomware Attack

The Brewer, ME-based integrated healthcare group, Northern Light Health Foundation, has revealed it has been impacted by the recent ransomware attack on Blackbaud Inc. The databases affected include information about donors, possible donors, and individuals who may have attended a fundraising event in the past. Patient medical records were stored separately and were unaffected. The databases contained the records of 657,392 people....

Read More
Phishing Attack Hits Children’s Hospital in Colorado
Aug10

Phishing Attack Hits Children’s Hospital in Colorado

Children’s Hospital Colorado is contacting 2,553 patients to inform them that some of their protected health information was held in an email account that was accessed by an unauthorized person between April 6-12, 2020. Credentials to access the account were stolen when an employee answered a phishing email. The phishing attack was discovered by the hospital on June 22, 2020 and the account was immediately safeguarded. A review of the...

Read More
PHI of Customers Stolen in Looting Incidents at Cub Pharmacies
Aug03

PHI of Customers Stolen in Looting Incidents at Cub Pharmacies

A pharmacy network has revealed the protected health information of some of its customers has been illegally taken by looters in late May during the period of civil unrest. From May 27-30, 2020, 8 Cub pharmacies in the Minneapolis area were broken into and items were taken such as paperwork containing the protected health information of its customers. Items taken from the clinic included locked safes that contained credit card...

Read More
Rhode Island Health System Hit with $1 Million Fine for Noncompliance with HIPAA Rules
Jul28

Rhode Island Health System Hit with $1 Million Fine for Noncompliance with HIPAA Rules

The Rhode Island non-profit health system, Lifespan Health System Affiliated Covered Entity (Lifespan), has been fined $1,040,000 by the Department of Health and Human Services’ Office for Civil Rights for violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules. Had HIPAA Rules been followed, a data breach of 20,431 healthcare records would have been avoided. Lifespan was investigated by OCR following the...

Read More
Sarrell Regional Dental Center Ransomware Legal Action Thrown Out by Federal Judge
Jul24

Sarrell Regional Dental Center Ransomware Legal Action Thrown Out by Federal Judge

A legal action filed against Sarrell Regional Dental Center for Public Health Inc. in relation to a July 2019 ransomware attack has been thrown out by a Federal judge due to a lack of standing. Sarrell was able to bounce back from the attack and restore its computer systems and data without meeting the ransom demand, although the dental center was forced to shut down for a period of two weeks while its systems were restored. No proof...

Read More
Healthcare Fiscal Management Ransomware Attack Impacts Up to 58,000 People
Jul14

Healthcare Fiscal Management Ransomware Attack Impacts Up to 58,000 People

The Wilmington, NC-based provider of self-pay conversion and insurance eligibility services to hospitals, clinics and physician groups, Healthcare Fiscal Management Inc. (HFMI), has revealed that is was hit by a ransomware attack in which the personal and protected health information of patients of St. Mary’s Health Care System in Athens, GA may have been accessed or obtained by cybercriminals. An unauthorized person obtained access...

Read More
Portals Accessed Using Stolen Credentials of Health Plan Members
Jul03

Portals Accessed Using Stolen Credentials of Health Plan Members

Independence Blue Cross, AmeriHealth HMO, Inc. and AmeriHealth Insurance Company of New Jersey have discovered hackers obtained access to pages in their member portals between March 17, 2020 and April 30, 2020 and may have seen the personal and protected health information of some of their account holders. The range of data possibly accessed included names, member identification numbers, plan type, spending account balances, user...

Read More
Cybercriminal Apprehended & Charged for 2014 UPMC Cyberattack
Jun27

Cybercriminal Apprehended & Charged for 2014 UPMC Cyberattack

The United States Attorney’s Office of the Western District of Pennsylvania has released a statement that confirms a suspect has been arrested and charged in relation to the 2014 hacking of the human resources databases of University of Pennsylvania Medical Center (UPMC). UPMC manages 40 hospitals around 700 outpatient sites and doctors’ offices and employs over 90,000 staff. In January 2014, UPMC discovered a hacker had obtained...

Read More
Another Phishing Attack Impacts University of Utah Health
Jun15

Another Phishing Attack Impacts University of Utah Health

University of Utah Health has been impacted by a new phishing attack, with the most recent attack leading to the exposure of the protected health information (PHI) of 2,700 clients. This is the third phishing attack to be recorded during 2020 by the HHS’ Office for Civil Rights at the University of Utah. Earlier in the year, incidents were recorded on March 21 and April 3 and affected 3,670 and 5,000 patients. In the most recent...

Read More
Illegal Disposal of Patient Records Discovered by St Joseph Health System
Jun07

Illegal Disposal of Patient Records Discovered by St Joseph Health System

St Joseph Health System in North Central Indiana is contacting clients to inform them that a portion of protected health information has been breached and may have been viewed by unauthorized people. The breach did not occur at St Joseph Health, but at one of its business associates. Central Files Inc, a secure record storage service in South Bend, IN, was hired to securely store patient records in compliance with federal and state...

Read More
BJC HealthCare Patients at 19 Hospitals Impacted by Phishing Attack
May30

BJC HealthCare Patients at 19 Hospitals Impacted by Phishing Attack

BJC Healthcare has released that statement that revealed that three of its staff email accounts have been accessed by an unauthorized actor as a result of some workers answering phishing emails. Suspicious activity was uncovered in the staff email accounts on March 6, 2020 and the accounts were immediately locked down. A leading computer forensics company was hired to conduct an investigation which revealed the three accounts had only...

Read More
Ransomware Attack Sees Data Stolen from Magellan Health
May22

Ransomware Attack Sees Data Stolen from Magellan Health

Magellan Health, a Fortune 500 company, has revealed that it has suffered a ransomware attack during April that led to the encryption of files and theft of some employee data. The ransomware attack was first discovered by Magellan Health on April 11, 2020 when files and databases were encrypted. The investigation into the attack showed the hacker had obtained access to its systems when someone replied to a spear phishing email on...

Read More
Saint Francis Healthcare Partners & Florida Internal Medicine Practice Hit by Ransomware Attacks
May15

Saint Francis Healthcare Partners & Florida Internal Medicine Practice Hit by Ransomware Attacks

Saint Francis Healthcare Partners in Connecticut has begun making contact with 38,529 patients to make them aware that a portion of their protected health information may have been stolen by hackers as a result of a “sophisticated cybersecurity incident” that allowed an unauthorized individual to gain access to its email database. The attack took place on December 30, 2019 but it was not until March 20, 2020 that the forensic...

Read More
Tornado Hits Secure Medical Record Facility, Impacting Patients Medical Records
May06

Tornado Hits Secure Medical Record Facility, Impacting Patients Medical Records

Many hospitals have been impacted by a natural disaster that has affected Waupaca, WI-based STAT Informatics Solutions, LLC. STAT provides secure medical record services to a number of healthcare providers. Some the the services include scanning paper files so they can be incorporated into hospital medical record systems. On March 3, 2020, a STAT center in Lebanon, TN was struck by a tornado, which caused widespread damage to the...

Read More
Losses Caused by Data Breaches Lead to Shareholder Suing LabCorp
May03

Losses Caused by Data Breaches Lead to Shareholder Suing LabCorp

A LabCorp shareholder has initiated a legal action against LabCorp and its executives and directors in relation the loss in share value following two cyberattacks experienced by the company in the past year. LabCorp was one of the firms most impacted by the data breach at the medical debt collection company, American Medical Collection Agency (AMCA) in 2019. The records of 10,251,784 patients who used LabCorp’s services were stolen by...

Read More
14,795 Oncology Patients Impacted in Washington University School of Medicine Data Breach
Apr20

14,795 Oncology Patients Impacted in Washington University School of Medicine Data Breach

Washington University School of Medicine is getting in touch with 14,795 oncology patients to inform them that a portion of their protected health information may have been breached in January 2020. An unauthorized person obtained access to the email account of a research supervisor in the Division of Oncology at some point between January 12, 2020 and January 13, 2020 following a response to a phishing email. Upon identification of...

Read More
Ransomware Attack on Andrews Braces Impacts PHI of 16,600 Patients
Apr14

Ransomware Attack on Andrews Braces Impacts PHI of 16,600 Patients

The Sparks, NV orthodontics clinic, Andrews Braces, has suffered a ransomware attack that resulted in the encryption of patient data. The attack was discovered on February 14, 2020, with the subsequent investigation determining the ransomware was downloaded the previous day.The practice contracted a third-party forensic investigator to examine the range and extent of the attack and determine whether patient information had been stolen...

Read More
Brandywine Urology Consultants Ransomware Attack Potentially Impacts Over 113,000 Patients
Apr13

Brandywine Urology Consultants Ransomware Attack Potentially Impacts Over 113,000 Patients

Delaware medial practice Brandywine Urology Consultants has revealed that a ransomware attack on January 25, 2020 led to the encryption of files on its servers and computers. The full extent of the attack was limited and the practice’s electronic medical record system was not impacted. No medical records were exposed or infiltrated in the attack.The practice moved quickly and took steps to address the attack and reduce the harm...

Read More
Healthcare Resource Group & Confido have PHI Exposed in Phishing Attacks
Apr10

Healthcare Resource Group & Confido have PHI Exposed in Phishing Attacks

The pharmacy benefits consulting group Confido has begun alerting 3,600 of its clients’ employees, members, and their dependents, that a portion of their personal information may have been accessed by an unauthorized person who obtained access to an employee’s email account.The email account breach was discovered on December 12, 2020 and an investigation was initiated to determine the scale and extent of the breach. With the help of a...

Read More

Otis R. Bowen Center for Human Services Data Breach Impacts up to 35,800 Patients

The Otis R. Bowen Center for Human Services, an Indiana-based supplier of mental health and addiction recovery healthcare services, has revealed that unauthorized actors have obtained access to the email accounts of two of its staff members. It is not yet known when the email account breaches took place and for how long unauthorized individuals had access to the email accounts. In its website substitute breach alert, The Otis R. Bowen...

Read More
Multiple Data Breaches Reported
Mar28

Multiple Data Breaches Reported

There has been a number of healthcare data breaches made known to the HHS’ Office for Civil Rights (OCR) during the past few weeks. AffordaCare Urgent Care Clinics in Texas was attacked with Maze Ransomware. A report on DataBreaches.net revealed that the cybercriminals obtained 40GB of data prior to encrypting files. Some of the stolen data was published online when AffordaCare refused to pay the ransom. It is not yet known how many...

Read More
Data Breaches Reported at LifeSprk & University of Utah Health
Mar25

Data Breaches Reported at LifeSprk & University of Utah Health

LifeSprk is making contact with 9,000 of its account holders to inform them that a a limited amount of their protected health information may have been illegally accessed or stolen due to a November 2019 phishing attack. On January 17, 2020, the Minnesota-based senior care provider became aware that an unauthorized person had illegally accessed the email account of one of its staff members. The account was quickly secured and a...

Read More
Email Security Breaches at Relation Insurance & Rainbow Hospice Care
Mar09

Email Security Breaches at Relation Insurance & Rainbow Hospice Care

Relational Insurance Inc., an insurance brokerage company operating as Relation Insurance Services of Georgia (RISG), suffered an email security breach in August 2019. An unauthorized person was discovered to have obtained access to the email account of an employee and possibly accessed or copied emails that included protected health information (PHI). The breach was discovered on August 15, 2019 when suspicious activity was noticed...

Read More
Vulnerability in Walgreens Mobile App Secure Messaging Feature Made PHI Accessible
Mar06

Vulnerability in Walgreens Mobile App Secure Messaging Feature Made PHI Accessible

Walgreens has started contacting customers to make them aware that a portion of their protected health information may have been accessed by unauthorized individual due to an error in the personal secure messaging feature of the Walgreens mobile app. The secure messaging app includes a feature that allows registered customers to manage and receive SMS prescription refill notifications and deals and coupons. A vulnerability in the app...

Read More
Final Approval Given for Quest Diagnostics 2016 Data Breach Settlement
Mar03

Final Approval Given for Quest Diagnostics 2016 Data Breach Settlement

A federal judge has given final approval to a settlement in a class action lawsuit filed against the New Jersey-based medical laboratory firm, Quest Diagnostics Inc., in relation to its 2016 data breach. The $195,000 settlement will see up to $325 compensation made available for each person impacted by the breach. On November 26, 2016 hackers obtained access to the Care360 MyQuest mobile app that is used by patients to store and share...

Read More
First HIPAA Penalty of 2020 Announced by HHS’ Office for Civil Rights
Mar02

First HIPAA Penalty of 2020 Announced by HHS’ Office for Civil Rights

The first HIPAA penalty of 2020 has been announced by the Department of Health and Human Services’ Office for Civil Rights (OCR) and has been sanctioned against the medical practice of Steven A. Porter, M.D. The practice has agreed to pay a fine of $100,000 to resolve possible breaches of the HIPAA Security Rule and will implement a corrective action plan to tackle all areas of noncompliance discovered during the compliance audit. Dr....

Read More
Physician Network Affiliated with Boston Children’s Hospital Impacted by Malware Attack
Feb24

Physician Network Affiliated with Boston Children’s Hospital Impacted by Malware Attack

On Monday, February 10, 2020, Pediatric Physicians’ Organization at Children’s (PPOC), a physician group that works with Boston Children’s Hospital, suffered a malware attack that led to a system outage which stopped its 500+ pediatricians, nurse practitioners, and physician assistants from viewing patient data and scheduling appointments. PPOC has around 200 servers, 11 of which were affected by the attack. IT teams at PPOC and...

Read More
2020 Healthcare Data Breach Report
Feb20

2020 Healthcare Data Breach Report

Protenus has released its 2020 healthcare data breach report which shows the past 12 months have been the worst ever in terms of the number of reported breaches. For its 2020 Breach Barometer report, Protenus, in conjunction with databreaches.net, identified more than 572 healthcare data breaches of 500 or more records in 2019, up 48.6% compared to 2018. The number of data breaches affecting the healthcare industry has increased...

Read More
30,000 Patients Impacted by Fondren Orthopedic Group Malware Attack
Feb13

30,000 Patients Impacted by Fondren Orthopedic Group Malware Attack

Fondren Orthopedic Group, an association of private orthopedic surgery practitioners in Houston and the surrounding areas, experienced a cyberattack that affected certain parts of its IT system on November 21, 2019. In a substitute breach notice published on its website, the incident was referred to as a malware attack that damaged the medical records of specific patients. Quick action was taken to limit the infection and its systems...

Read More
16,167 Patients Hit by Hospital Sisters Health System Email Breach
Feb13

16,167 Patients Hit by Hospital Sisters Health System Email Breach

Hospital Sisters Health System has recently found out that an email security breach in August 2019 led to unauthorized people obtaining access to emails and email attachments that included the protected health information of 16,167 patients. Hospital Sisters Health System is a 15-hospital health network serving patients in Illinois and Wisconsin. Between August 6, 2019 and August 9, 2019, unauthorized people obtained access to the...

Read More
Phoenix Children’s Hospital & New York Nursing Center Impacted by Phishing Incident
Feb06

Phoenix Children’s Hospital & New York Nursing Center Impacted by Phishing Incident

A business email compromise (BEC) attack has impacted Village Center for Care dba VillageCare Rehabilitative and Nursing Center (VRNC) and Village Senior Services Corporation dba VillageCareMAX (VCMAX). BEC attacks involve the impersonation of an executive, either using the executive’s actual email account compromised in a previous attack, or by spoofing the executive’s email address. An unauthorized person, pretending to be part of...

Read More
30,000 Patients Affected After Malware Corrupts Medical Records
Feb03

30,000 Patients Affected After Malware Corrupts Medical Records

On November 21, 2019, Fondren Orthopedic Group, an association of private orthopedic surgery practitioners located in Houston and the surrounding areas, were hit by a cyberattack that impacted specific elements of its IT system. In a substitute breach notice published on its website, the incident was referred to as a malware attack that damaged the medical records of specific patients. Swift action was taken to limit the infection and...

Read More
Florida and Texas Healthcare Providers Report Ransomware Attacks
Jan20

Florida and Texas Healthcare Providers Report Ransomware Attacks

One of the most recent developments in the world of cyber crime to the tactic of threat actors to deploy ransomware to encrypt files to stop data access, but also to obtain data and threaten to publish or sell on the stolen data if the huge ransom demands are not met. This new tactic aims at growing the chance of finding victims paying the ransom. The Center for Facial Restoration in Miramar, FL, is one of the biggest healthcare...

Read More
DHS: Citrix Vulnerability Being Exploited Still
Jan16

DHS: Citrix Vulnerability Being Exploited Still

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released an alert in relation to a recently discovered flaw in the Citrix Application Delivery Controller and Citrix Gateway web server appliances. The vulnerability, referred to as CVE-2019-19781, can be exploited via the internet and can make remote execution of arbitrary code on vulnerable appliances possible. The flaw, when exploited,...

Read More
False Allegations of HIPAA Violations Result in Georgia Man Being Charged
Jan14

False Allegations of HIPAA Violations Result in Georgia Man Being Charged

Following the discover of a complex scheme to set up an acquaintance in relation to breaches violations of the Health Insurance Portability and Accountability Act (HIPAA), a Georgia man has been charged. The man in question, 43-year-old Jeffrey Parker, claimed that he was a whistleblower reporting HIPAA breaches committed by a nurse.Mr Parker made the breaches known to the hospital where the person was employed, and official...

Read More
Phishing Attack Leads to Second Lawsuit Against Kalispell Regional Healthcare
Jan13

Phishing Attack Leads to Second Lawsuit Against Kalispell Regional Healthcare

A second lawsuit has been submitted against Kalispell Regional Healthcare in Montana in relation to a May 2019 phishing attack that resulted in the email accounts of some of its employees accessed by hackers. Kalispell Regional Healthcare became aware of the breach on August 28, 2019. The investigation showed that the hackers gained access to staff email accounts on May 24, 2019 and potentially accessed patient data. A forensic...

Read More
Three-Year Insider Breach Discovered at North Ottawa Community Health System
Jan03

Three-Year Insider Breach Discovered at North Ottawa Community Health System

North Ottawa Community Health System (NOCH) has become aware that a staff member at North Ottawa Community Hospital in Grand Haven, MI, viewed the medical records of patients without authorization over a period of three years. This issue was brought to the attention of the health system on October 15 by another employee. A review into the alleged inappropriate access was initiated on October 17 and the employee was suspended pending...

Read More
Up to 15 Million Individuals Potentially Affected by Ransomware Attack on Medical Testing Firm
Dec18

Up to 15 Million Individuals Potentially Affected by Ransomware Attack on Medical Testing Firm

LifeLabs, one of the largest medical testing and diagnostics firms in Canada, has been attacked with ransomware. The attack is believed to have occurred on or before November 1, 2019, although the cyberattack has only recently been announced. After careful consideration, the decision was taken to pay the ransom to recover customer data. The payment was made through a company that specializes in dealing with ransomware attacks. The...

Read More
The Cancer Center of Hawaii Delayed Radiation Therapy for Patients Due to Ransomware Attack
Dec13

The Cancer Center of Hawaii Delayed Radiation Therapy for Patients Due to Ransomware Attack

A ransomware attack took place, on November 5, 2019, on the Cancer Center of Hawaii in Oahu. The attack meant that the Cancer Center to close down its network servers, which meant it was temporarily stopped from providing radiation therapy to clients at Pali Momi Medical Center and St. Francis’ hospital in Liliha. While patient services suffered some disruption, no patient information is thought to have been accessed by the hackers....

Read More
$85,000 HIPAA Right of Access Failures Results in Financial Penalty for Korunda Medical
Dec13

$85,000 HIPAA Right of Access Failures Results in Financial Penalty for Korunda Medical

The Department of Health and Human Services’ Office for Civil Rights has revealed its second enforcement action as part of its HIPAA Right of Access Initiative. Florida-based Korunda Medical has agreed to settle potential fines for the HIPAA Right of Access and will implement a corrective action plan and bring its policies and procedures in line with the obligations of the HIPAA Privacy Rule. In March 2019, OCR was submitted with a...

Read More
Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies
Dec13

Zeppelin Ransomware Used to Attack MSPs, Technology, and Healthcare Companies

Security researchers at Blackberry Cylance have identified a new variant of Buran ransomware which is being used in targeted attacks on technology and healthcare companies in Europe and the United States. The new ransomware variant was first detected on November 6, 2019. It is written in Delphi and is a member of the VegaLocker and Buran ransomware family. It is believed to be distributed under the ransomware-as-a-service model. The...

Read More
80,000 Patients of Southeastern Minnesota Oral & Maxillofacial Surgery Impacted in Ransomware Attack
Dec12

80,000 Patients of Southeastern Minnesota Oral & Maxillofacial Surgery Impacted in Ransomware Attack

Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) has made it public that a ransomware may have impacted the protected health information of almost 80,000 patients. The attack was first discovered on September 23, 2019. The IT team reacted quickly and secured the compromised server so as to restore the encrypted data. It is not known whether the ransom was paid or if the IT team was able to bring the server back online...

Read More
100 Dental Practices Affected by Ransomware Attack on Managed Service Provider
Dec12

100 Dental Practices Affected by Ransomware Attack on Managed Service Provider

An Englewood, CO-based Complete Technology Solutions (CTS) Colorado IT firm that specializes in supplying managed IT services to over 100 dentist practices has been infiltrated as part of a ransomware attack. Indications are that attack was initiated at the end of November. KrebsonSecurity published a report that revealed CTS was sent request for $700,000  in ransom money. This payment was to be made in order for the keys to unlock...

Read More
Cheyenne Regional Medical Center Experiences Phishing Attack
Dec12

Cheyenne Regional Medical Center Experiences Phishing Attack

Cheyenne Regional Medical Center in Wyoming has recently became aware that patient data may have been illegally obtained due to a phishing attack identified in April. The medical center was made aware of a potential security breach following the detection of suspicious activity related to staff payroll accounts on or around April 5, 2019. Around a week later, the medical center discovered that employee email accounts had been...

Read More
Sunrise Community Health and Katherine Shaw Bethea Hospital Suffer Phishing Attacks
Dec12

Sunrise Community Health and Katherine Shaw Bethea Hospital Suffer Phishing Attacks

Evans, CO-based Sunrise Community Health has learned that the email accounts of several staff members were compromised due to employees responding to phishing emails. The email accounts were accessed by unauthorized people between September 11, 2019 and November 22, 2019. Assisted by third party company of computer forensics experts, Sunrise Community Health determined on November 5, 2019 that the infiltrated email accounts included...

Read More
Ransomware Attack on IT Company Impacts more than 100 Dental Practices
Dec09

Ransomware Attack on IT Company Impacts more than 100 Dental Practices

More than 100 dental practices have had essential files encrypted as a result of a ransomware attack on an IT service provider. On November 25, 2019, the Englewood, Colorado-based IT firm Complete Technology Solutions (CTS) was attacked and its data was encrypted by Sodinokibi ransomware, aka rEvil. The firm was reportedly issued with a ransom demand of $700,000 in cryptocurrency for the keys to unlock the encrypted files. The firm...

Read More
Ransomware Attack Impacts 107,000 Ferguson Medical Group Patients
Nov24

Ransomware Attack Impacts 107,000 Ferguson Medical Group Patients

Saint Francis Healthcare System has revealed that the computer network of Ferguson Medical Group has been hit by a ransomware attack. The attack took place on September 21, 2019, before Saint Francis Medical Center purchased the Sikeston, MO-based medical group. Saint Francis Healthcare became aware of the ransomware attack on September 21. A notice published on the Saint Francis Healthcare website, the hackers succeeded in encrypting...

Read More
9,800  Employee  Records Potentially Accessed Without Authorization at Former Aegis Medical Group
Nov23

9,800 Employee Records Potentially Accessed Without Authorization at Former Aegis Medical Group

The Florida physician network, Aegis Medical Group, has begun contacting 9,800 patients to advise them that their protected health information may have been obtained and viewed by a former employee. That individual is thought to have tried to sell patient records to third parties thought to have been participating in identity theft and fraud. Aegis Medical Group was contacted by law enforcement agencies on September 11, 2019 in...

Read More
UNC Chapel Hill School of Medicine and Starling Physicians Report Phishing Attacks
Nov20

UNC Chapel Hill School of Medicine and Starling Physicians Report Phishing Attacks

University of North Carolina Chapel Hill School of Medicine has been hit by a phishing attack in which the protected health information of 3,716 patients has potentially been obtained by unauthorized individuals. A review by third-party forensics experts revealed that a number of employee email accounts were compromised between May 17, 2018 and June 18, 2018. It is not obvious when the security breach was first detected. The range of...

Read More
California Addiction Treatment Center Hit by Cyber Attack
Nov16

California Addiction Treatment Center Hit by Cyber Attack

An AWS S3 storage bucket owned by Sunshine Behavioral Health, LLC, a San Juan Capistrano, CA-based organization of drug and alcohol addiction rehabilitation centers, has been misconfigured, leading to the exposure of sensitive patient information. The misconfigured AWS S3 bucket was first reported to databreaches.net in August 2019. Sunshine Behavioral Health was contacted and the bucket was secured; however, the data exposure does...

Read More
Loyola Medicine and Main Street Clinical Associates Report PHI Theft Incidents
Nov14

Loyola Medicine and Main Street Clinical Associates Report PHI Theft Incidents

Main Street Clinical Associates, PA., in Durham, NC has contacted  certain patients that some of their protected health information was stored on devices that were illegally taken from its offices. The theft took place when the Main Street offices had been evacuated due to a bad gas explosion. Workers at the office were ordered to evacuate the building on April 10, 2019 following an explosion in an nearby building. Files and equipment...

Read More
Business Associate Phishing Attack Impacts TennCare and Florida Blue Members
Nov03

Business Associate Phishing Attack Impacts TennCare and Florida Blue Members

More healthcare organizations have revealed they have been impacted by a data breach at Magellan Health National Imaging Associates, a business associate of several HIPAA-covered groups that supply managed pharmacy and radiology benefits services. Danville, PA-located Geisinger Health Plan revealed last month that 5,848 of its account holders had been impacted by the breach and Albuquerque, NM-based Presbyterian Health Plan has...

Read More
Kalispell Regional Healthcare Contacts 140,209 Patients About Phishing Attack
Oct30

Kalispell Regional Healthcare Contacts 140,209 Patients About Phishing Attack

Kalispell Regional Healthcare, located in Montana, is currently getting in touch with around 140,000 patients that some of their protected health information (PHI) was potentially impacted in a security breach over the summer. Kalispell Regional Healthcare runs Kalispell Regional Medical Center, a 138-bed hospital in Kalispell, MT. The breach has impacted the majority of its patients. The breach impacted Kalispell Regional’s email...

Read More
Millions of Patients’ Sensitive Data Found to be Accessible via the Internet
Oct23

Millions of Patients’ Sensitive Data Found to be Accessible via the Internet

Due to the failure of nine companies to secure their medical databases, the sensitive health information of millions of patients has been exposed over the internet. The exposed patient data was found by security experts at WizeCase. The research team, headed by Avishai Efrat, used publicly available tools to search for exposed data that could be obtained without the need for any usernames or passwords. The firm then provides...

Read More
15,982 South Texas Dermatopathology Patients Contacted in Relation to AMCA Data Breach
Oct23

15,982 South Texas Dermatopathology Patients Contacted in Relation to AMCA Data Breach

South Texas Dermatopathology is the most recent victim of the data breach at American Medical Collection Agency (AMCA) to make the breach known to the Department of Health and Human Services Office for Civil Rights (OCR) and alert impacted patients. The breach was published on the OCR breach portal on October 7, 2019 and indicates 15,982 patients have been impacted. AMCA was a business associate of the San Antonio, TX-located medical...

Read More
Shared Network Drives Expose Thousands of Veterans’ Records
Oct19

Shared Network Drives Expose Thousands of Veterans’ Records

A report published by the Department of Veteran Affairs’ Office of Inspector General (VA OIG) audit has revealed that Internal Department of Veteran Affairs (VA) communications, disability claims, and the health information of thousands of veterans have been exposed and could possibly have been accessed by VA employees authorized to view the data. VA OIG completed an audit of the VA’s Milwaukee Regional Office following a call from a...

Read More
Healthcare Data Breach Report for September 2019 Published
Oct11

Healthcare Data Breach Report for September 2019 Published

36 healthcare data breaches of more than 500 records were reported to the Department of Health and Human Services’ Office for Civil Rights, during September, a 26.53% drop in the number of breaches from August. 1,957,168 healthcare records were illegally accessed in those breaches, a rise of 168.11% from August. The massive rise in the number of breached records is largely down to four reported incidents, each of which included...

Read More
Major Disruption to Patient Services at Campbell County Health due to Ransomware Attack
Sep23

Major Disruption to Patient Services at Campbell County Health due to Ransomware Attack

Campbell County Health in Gillette, WY, has experienced a ransomware attack that has shut down hospital systems and is preventing access to patient data. The attack took place in the early hours of Friday September 20, 2019 according to the Department of Health. An investigation into the attack has been initiated and attempts are ongoing to remove the ransomware, restore encrypted files, and bring systems back online; however, at the...

Read More
Phishing Attack on Ramsey County Impacts 117,905 Individuals
Sep20

Phishing Attack on Ramsey County Impacts 117,905 Individuals

Ramsey County has revealed that a phishing attack that took place in August 2018 impacted a great many more individuals than first thought. The victim count has been revised to 117,905 from 599. The original breach report stated the email accounts of 26 staff members were compromised in a phishing attack that took place around August 9, 2018. The attack was identified quickly and the affected accounts were locked down. The individuals...

Read More
Phishing Attacks at Magellan Health Subsidiaries Impact 56,226 Presbyterian Health Plan Subscribers
Sep18

Phishing Attacks at Magellan Health Subsidiaries Impact 56,226 Presbyterian Health Plan Subscribers

Magellan Health, based in Scottsdale, Arizona, has revealed that discovered two of its subsidiaries have experienced phishing attacks that exposed the protected health information of members of Albuquerque, NM-based Presbyterian Health Plan. The phishing attacks were identified by National Imaging Associates and Magellan Healthcare, which both supply services to Presbyterian Health Plan. Both incidents were reported to the Department...

Read More
First HIPAA Violation Case Under 2019 Right of Access Initiative Settled by OCR
Sep16

First HIPAA Violation Case Under 2019 Right of Access Initiative Settled by OCR

Earlier in 2019, the Department of Health and Human Services’ Office for Civil Rights (OCR) revealed that one of the main focuses of HIPAA enforcement in 2019 would be HIPAA right of access failures, including untimely responses to access requests and overcharging for copies of medical data. The HIPAA right of access permits patients to obtain copies of their medical records on request. HIPAA-covered entities must honor those requests...

Read More
UC Health Phishing Attack Affects Multiple Email Accounts
Sep10

UC Health Phishing Attack Affects Multiple Email Accounts

University of Cincinnati Health (UC Health) is looking into a security breach that saw the email accounts of multiple employees accessed by an unauthorized person The attack took place between July 6 and July 12, 2019 and involved ‘a limited number’ of employee email accounts. A review of the compromised email accounts revealed they included patients’ names, birth dates, medical record numbers, and some clinical data. A deep dive...

Read More

13,905 Patients Targeted in Artesia General Hospital Phishing Attack

Artesia General Hospital, located in Artesia New Mexico, has stated that protected health information (PHI) of 13,905 patients has been illegally accessed in a planned phishing attack. The breach was discovered when an employee’s email account was seen to have been used to send unauthorized emails. The breach was first noticed on June 18, 2019 and the forensic analysis revealed the account had been accessed by an unauthorized person...

Read More
PHI of 183,000 Patients Exposed in Phishing Attack on Presbyterian Healthcare Services
Aug27

PHI of 183,000 Patients Exposed in Phishing Attack on Presbyterian Healthcare Services

The Albuquerque, NM-based not-for-profit health organization Presbyterian Healthcare Services, has suffered a phishing attack that resulted in the email accounts of several workers subjected to unauthorized access. The phishing attack was noticed by Presbyterian Healthcare Services during June 6, 2019. The breach investigation showed the email accounts were infiltrated a month earlier, on or around May 9, 2019. Upon identification of...

Read More
3,000 Records Potentially Compromised in Rhode Island Healthcare Attack
Aug24

3,000 Records Potentially Compromised in Rhode Island Healthcare Attack

Rhode Island Ear, Nose and Throat Physicians Inc. (RIENT) is contacting 2,943 patients to make them aware that some of their health information was saved on a server which was subjected to unauthorized access on June 19, 2019 when a hacker obtained access to its databases. The breach was discovered the same day and the network was safeguarded. An external computer forensics firm was contracted to assist with the investigation and help...

Read More
10,000 Patients  Have Personal Data Impacted in Massachusetts General Hospital Breach
Aug24

10,000 Patients Have Personal Data Impacted in Massachusetts General Hospital Breach

Massachusetts General Hospital (MGH) has identified that computer applications used by security experts in its Department of Neurology have been infiltrated using unauthorized access. The individual to blame would have been able to access the protected health information of around 10,000 patients. MGH discovered the breach on June 24, 2019 and quickly shut down access to the applications and databases. An investigation was initiated,...

Read More
Researchers Provide Insights into Motivations Behind Healthcare Cyberattacks
Aug22

Researchers Provide Insights into Motivations Behind Healthcare Cyberattacks

A new report from FireEye provides insights into the motivations behind cyberattacks on U.S. healthcare organizations. The report shows patient information is not the only type of sensitive data being sought. There has been a marked increase in cyberattacks on cancer research institutes and medical institutions for the research data they hold. The attacks are being conducted by Advanced Persistent Threat (APT) groups affiliated to...

Read More
Data Breach Exposes Medical Records of Western Connecticut Health Network Patients
Aug22

Data Breach Exposes Medical Records of Western Connecticut Health Network Patients

Nuvance Health has started getting in touch with certain Western Connecticut Health Network (WCHN) patients to make them aware that some of their protected health information has been exposed. On June 11, 2019, WCHN sent a box of medical records to the Connecticut State Department of Public Health. The package was sent using the U.S. Postal Service (USPS), but the package was harmed while on the move, exposing the contents of the...

Read More
Washington Hospital Hit with $1m Ransom Demand
Aug16

Washington Hospital Hit with $1m Ransom Demand

A ransomware attack on an Aberdeen, WA-hospital and associated clinics is still wreaking havoc over two months after the initial attack took place. The cybercriminals have requested $1 million for the keys to unlock the encryption on the captured data. On June 15, 2019, Grays Harbor Community Hospital started noticing IT problems. The attack happened on a Saturday when staffing numbers were low so, at first, the problem was put down...

Read More
Lost Thumb Drive was used to Store PHI of Renown Health Patients
Aug12

Lost Thumb Drive was used to Store PHI of Renown Health Patients

Renown Health, the largest healthcare supplier in Northern Nevada, has started getting in touch with certain patients to make them aware that some of their protected health information (PHI) may have was accessible.Patient information was held in files on a portable storage device (thumb drive) identified as missing on June 30, 2019. An extensive search of the facility was conducted but the thumb drive could not be found. An...

Read More
2019: A Particularly Bad Year for Healthcare Data Breaches
Aug07

2019: A Particularly Bad Year for Healthcare Data Breaches

Cyberattacks on healthcare organizations have continued to increase throughout the first half of 2019 and this year has seen the discovery of the second largest healthcare data breach ever reported. American Medical Collection Agency experienced a cyberattack in which the records of more than 20 million patients were exposed and potentially stolen. It should be no surprise to hear that in terms of both the number of healthcare data...

Read More
AMCA Breach Impacts 2.2 Million Patients  of Clinical Pathology Laboratories
Jul24

AMCA Breach Impacts 2.2 Million Patients of Clinical Pathology Laboratories

It has recently been discovered that the protected health information (PHI) of approximately 2.2 million of patients of Clinical Pathology Laboratories in Texas may have been infiltrated in the data breach at American Medical Collection Agency (AMCA). AMCA supplies debt collection services to many healthcare firms, which necessitates access to the PHI of patients with outstanding bills. A cyberattack on the AMCA payment website...

Read More
AMCA Data Breach Total Nears 25 Million
Jul23

AMCA Data Breach Total Nears 25 Million

The number of healthcare providers confirmed to have been affected by the American Medical Collection Agency (AMCA) data breach has continued to grow over the past week. To date, 18 healthcare providers have made announcements that the protected health information they provided to AMCA has been exposed. AMCA is a collection agency that works with several healthcare organizations and recovers unpaid medical bills. In March 2019,...

Read More
25,000 Adirondack Health Patients Hit by Email Account Hack
Jul21

25,000 Adirondack Health Patients Hit by Email Account Hack

Vermont-based Adirondack Health is getting in touch with around 25,000 patients that some of their protected health information has potentially been obtained by a cyber criminal. Information such as patients’ names, dates of birth, Medicare ID numbers or health insurance member numbers, and limited treatment and/or clinical information. A smaller subset of patients also had their Social Security number accessible. Adirondack Health is...

Read More
14,591 DHS Patients have PHI Compromised in Phishing Attack on California Business Associate
Jul16

14,591 DHS Patients have PHI Compromised in Phishing Attack on California Business Associate

Nemadji Research Corporation, an outfit working with California Reimbursement Enterprises, has revealed that an unauthorized person obtained access to the email account of a staff emmber and may have viewed or copied the protected health information (PHI). California Reimbursement Enterprises is a business associate of several healthcare centers and hospitals in California and operates to provide a patient eligibility and billing...

Read More
Tennessee Hospice Phishing Attack may have Impacted Sensitive Data
Jul12

Tennessee Hospice Phishing Attack may have Impacted Sensitive Data

A provider of end-of-life care, palliative care, bereavement support and community education based in Alive Hospice in Nashville, Tennessee has revealed  that the email account of a staff member was infiltrated during May 2019. On May 6, 2019, suspicious activity was noticed  in a staff member’s account. The password for the account was quickly amended and an investigation was launched into the cause of the violation. The...

Read More
Unauthorized Use of PHI as Teaching Tool Leads to Legal Action by Student
Jul08

Unauthorized Use of PHI as Teaching Tool Leads to Legal Action by Student

A medical student at Marshall University is suing the institution, along with Cabell Huntington Hospital, in relation to the unauthorized sharing of some of his protected health information (PHI) to a class of students. The student, who is referred to only as as J.M.A in the lawsuit, alleges that his x-rays were used as a teaching tool by a professor at Marshall University Joan C. Edwards School of Medicine, but information...

Read More
California and Illinois Clinics Discover Ransomware Attacks
Jun26

California and Illinois Clinics Discover Ransomware Attacks

Quantum Vision Centers and Eye Surgery Center patients located in Illinois are being contact to make them aware that some of their protected health information may have been illegally obtained in an April 2019 ransomware attack. An unauthorized person obtained access to certain Quantum systems and deployed ransomware on April 18, 2019. The ransomware encrypted files, some of which included data such as names, dates of birth,...

Read More
645,000 Clients of Oregon Department of Human Services Alerted Regarding Phishing Breach
Jun22

645,000 Clients of Oregon Department of Human Services Alerted Regarding Phishing Breach

The Oregon Department of Human Services (ODHS) is making contact with 645,000 clients to advise them that some of their personal information may have been compromised due to a phishing attack.The targeted attack kicked off on January 9, 2019 and lead to 9 ODHS employees clicking on links in emails and disclosing their login details. ODHS and the Department of Administrative Services Enterprise Security Office noticed the breach on...

Read More
Two Maryland Healthcare Providers Affected by Potential Breach at Meditab Software
Jun21

Two Maryland Healthcare Providers Affected by Potential Breach at Meditab Software

In Maryland two healthcare providers have been impacted by a possible data breach that took place at their business associate, Meditab Software Inc.Meditab supplies EMR and practice management software to healthcare providers and its systems include patient data. In March 2019, Meditab found some protected health information (PHI) had been left unsecured. Meditab had established a portal to view statistics for its Fax Cloud services....

Read More
Phishing Breach Notifications Sent to 645,000 Clients of Oregon Department of Human Services
Jun10

Phishing Breach Notifications Sent to 645,000 Clients of Oregon Department of Human Services

The Oregon Department of Human Services (ODHS) is making contact with 645,000 clients to advise them that a portion of their personal information was possibly impacted due to a phishing attack. The phishing attack took place beginning on January 9, 2019 and lead to nine ODHS members of staff visiting links in emails and disclosing their login details. ODHS and the Department of Administrative Services Enterprise Security Office...

Read More
Misconfigured ElasticSearch Server at University of Chicago Medicine Exposed Over 1.68M Records
Jun07

Misconfigured ElasticSearch Server at University of Chicago Medicine Exposed Over 1.68M Records

It has been revealed that University of Chicago Medicine has discovered more than 1.68 million of its records have been exposed due to a misconfigured server. The records were saved on a misconfigured ElasticSearch server which had mistakenly had protections removed allowing it to be accessed over the internet without the requirement for any authentication. The misconfiguration permitted a database to be accessed which included...

Read More
AMCA Breach Affects Almost 7.7 Million Patients
Jun06

AMCA Breach Affects Almost 7.7 Million Patients

After reports that the data breach at American Medical Collection Agency (AMCA) impacted the records of 11.9 million Quest Diagnostics patients, comes revelation that another healthcare company that has been impacted by the breach. On June 4, 2019, LabCorp, a different nationwide group of blood testing centers, announced that 7.7 million people whose blood samples were processed by the company may have had their sensitive information...

Read More
LabCorp Impacted by AMCA Data Breach: Up to 7.7 Million Customers Affected
Jun05

LabCorp Impacted by AMCA Data Breach: Up to 7.7 Million Customers Affected

A day after Quest Diagnostics confirmed 11.9 million of its customers have been affected by a cyberattack on American Medical Collection Agency (AMCA) comes news that a rival network of blood testing laboratories has also been impacted. LabCorp also uses AMCA’s billings collection services and the data of its customers has also been exposed. In a recent U.S. Securities and Exchange Commission (SEC) filing, LabCorp states that it...

Read More
Sensitive Information of 11.9 Million Quest Diagnostics Patients Compromised
Jun04

Sensitive Information of 11.9 Million Quest Diagnostics Patients Compromised

Quest Diagnostics, one of the leading medical laboratories and blood testing companies in the United States, has been affected by a data breach at one of its vendors. That breach has resulted in the exposure and potential theft of almost 12 million individuals’ personal, medical, and financial information. According to a recent U.S. Securities and Exchange Commission (SEC) filing, Quest Diagnostics was notified of a data breach at the...

Read More
Medical Informatics Engineering Settles HIPAA Violation Cases for $1 Million
May28

Medical Informatics Engineering Settles HIPAA Violation Cases for $1 Million

The electronic medical record software company Medical Informatics Engineering (MIE) has agreed to settle its HIPAA violation case with the U.S. Department of Health and Human Services’ Office for Civil Rights for $100,000 and has agreed to pay $900,000 to resolve a multi-state action filed by state attorneys general over a 2015 data breach. MIE experienced a data breach on May 7, 2015 when hackers gained access to a server used by...

Read More
PHI Uploaded to Unapproved and Unsecured Cloud Service Used by UMC Physicians
May21

PHI Uploaded to Unapproved and Unsecured Cloud Service Used by UMC Physicians

UMC Physicians, based in Lubbock, is contacting patients of UMC Southwest Gastroenterology to make them aware that some of their protected health information has been exposed due to errors of judgement by two of its employed providers. Those suppliers had each set up a Google shared drive which was used to track follow up jobs related to the provision of care to patients. While the shared drives were set up with good aims and were...

Read More
Verity Health’s St. Vincent Medical Center Reports Phishing Attack
May20

Verity Health’s St. Vincent Medical Center Reports Phishing Attack

St. Vincent Medical Center, a part of Verity Health System, has announced  a staff email account has been hacked following a response to a phishing email. The breach took place on March 15, 2016 and involved the email account of a hospital pathologist. The account compromise was discovered on March 26 and the account was secured within hours. During the period of time time that the unauthorized individual had access to the account, it...

Read More
1,100 Spectrum Health Lakeland Patients Affected by Phishing Attack
May11

1,100 Spectrum Health Lakeland Patients Affected by Phishing Attack

Spectrum Health Lakeland has revealed that a breach, the second the group has suffered in as many months, has exposed the protected health information (PHI) of some of its clients. The previous breach took place at Wolverine Services Group and affected around 60,000 of its patients. The latest incident involved an unauthorized person obtaining access to an email account due to the response to a phishing email. As was the case with the...

Read More

Extensive HIPAA Failures Lead to $3 Million Fine for Touchstone Medical Imaging

The Department of Health and Human Services’ Office for Civil Rights (OCR) has revealed that a settlement has been agreed between with the Franklin, TN-based diagnostic medical imaging services firm, Touchstone Medical Imaging. The settlement resolves many breaches of HIPAA Rules identified by OCR during the review of a 2014 data breach. Touchstone Medical Imaging has agreed to a settlement of $3,000,000 in relation to the violations...

Read More
Chinese Nationals Charged over 78.8 Million-Record Anthem Inc Hack
May10

Chinese Nationals Charged over 78.8 Million-Record Anthem Inc Hack

The U.S. Department of Justice has announced that two Chinese nationals have been charged over the 2015 hacking of Anthem Inc., and three other cyberattacks on U.S. businesses. In February 2015, Anthem Inc., discovered its systems had been infiltrated. Further investigation revealed the records of 78.8 million plan members had been stolen in what was, and still is, the largest healthcare data breach ever to be discovered. On Thursday,...

Read More
American Baptist Homes of the Midwest Reports Ransomware Attack
May10

American Baptist Homes of the Midwest Reports Ransomware Attack

American Baptist Homes of the Midwest (ABHM), a supplier of assisted living and assisted care centers around the U.S Midwest, has reported a security breach involving the use of ransomware on its systems. The attack began on or around March 10, 2019. The attack was detected quickly, but only after the encryption routine had kicked off. The attack was disabled and affected accounts were secured, but not in time to prevent widespread...

Read More
Bodybuilding.com Data Breach Impacts 3,193 Employees
May10

Bodybuilding.com Data Breach Impacts 3,193 Employees

The bodybuilding and personal fitness website Bodybuilding.com has revealed it has had to deal with a security incident that may have lead to the information of customers and employees being accessed by unauthorized people. While the breach affecting customers was not a reportable incident under HIPAA, HIPAA does cover group health plans. As such, bodybuilding.com was required to report the breach of group members’ PHI to the Office...

Read More
Delayed Breach Response Costs Tennessee Medical Imaging Firm $3 Million
May08

Delayed Breach Response Costs Tennessee Medical Imaging Firm $3 Million

It is not possible to prevent all healthcare data breaches, but when a breach is experienced it must be investigated and mitigated promptly. Delaying the breach response and notifications can prove extremely costly, as the Tennessee medical imaging firm Touchstone Medical imaging discovered. On May 9, 2014, Touchstone Medical Imaging was notified by the FBI that an FTP server had been left unsecured. At the same time, the HHS’ Office...

Read More
PII of 137,000 Individuals Discovered in Unsecured Elasticsearch Database
May03

PII of 137,000 Individuals Discovered in Unsecured Elasticsearch Database

An unsecured Elasticsearch database containing the personally identifiable information of approximately 137,000 people has been exposed over the Internet. The database was discovered by security researcher Jeremiah Fowler, who determined that the data belonged to the medical emergency evacuation service provider SkyMed. Fowler discovered the security settings for the database had not been correctly configured and the database could be...

Read More

Business Associate Phishing Attack Impacts PHI of 17,531 Patients

Women’s Health USA Inc., an Avon, CT-based business associate that supplies a range of practice management services to healthcare groups, has suffered a phishing attack that has lead to the exposure of patients’ protected health data. A review was initiated following the discovery of suspicious activity within specific employee email accounts. The targeted email accounts were safeguarded, and a leading cybersecurity firm was engaged...

Read More