Accessing Medical Records Without Authorization Leads to Hospital Employee Being Sacked
Dec13

The medical histories of 769 patients at Lowell General Hospital have been accessed by a member of staff without any valid work reason. By accessing the medical records, the member of staff breached the Massachusetts-based hospital's policies and violated the privacy of hospital patients. Once the breach was discovered and the subsequent investigation was completed, the employee was fired. Lowell General Hospital was content that only...

Healthcare Worker Stole PHI of 28,000 Health Care Services Patients
Dec12

Private documents holding the PHI of patients have been stolen by a former employee of the Center for Health Care Services (CHCS) in San Antonio, a provider of mental health treatment and support services for patients with intellectual and developmental disabilities. Notifications of the breach have been sent to 28,434 patients who received care at CHCS before the summer of 2016. The breach of PHI was only found on November 7, 2017,...

Pennsylvania Obs/Gyn Clinic PHI Breached Due to Improper Disposal
Dec11

Paper files from Women’s Health Consultants, an obstetrics and gynecology practice that had centers in South Whitehall Township and Hanover Township, PA, have been dumped at a recycling center in Allentown, Pennsylvania. The files – containing names, Social Security numbers, and medical histories, including details of cancer diagnoses and sexually transmitted diseases – seem to have come from the firm which is no longer...


PHI Breach at UAB Medicine Leaves 652 Potentially Exposed

In Birmingham, Alabama, the UAB Medicine Viral Hepatitis Clinic has discovered a breach of patients’ protected health information (PHI) that could have affected up to 652 patients. The group, UAB Medicine, uses flash drives to transfer information from its Fibroscan machine to a computer. Two flash drives were discovered to be missing on October 25, 2017. The portable storage devices were used to hold a limited amount of PHI...

Personal Information of New York Pharmacy Customers Exposed in Improper Disposal Incident
Dec06

A security breach, involving the improper disposal of a device used to capture customers’ signatures, has been encountered by ShopRite Supermarkets, Inc. The device in question was used at the ShopRite, Kingston, NY location between 2005 and 2015 and stored personal and medical data. Customers who attended the pharmacy and had prescriptions supplied between 2005 and 2015 have potentially been impacted by the exposure. For those...

Extortion Attempt on Sports Medicine Provider Exposes Private Data of 7,000 Individuals
Dec05

Sports Medicine & Rehabilitation Therapy (SMART), based in Massachusetts, has contacted 7,000 clients regarding a breach of their protected private health information that occurred in September 2017. Potentially, the breach impacted all clients whose data was saved during a visit to a SMART outlet prior to December 31, 2016. Hackers, in an extortion attempt, accessed SMART systems, allegedly stole private information, and asked...

Multiple Breaches Lead to $2m Fine for Cottage Health
Dec04

Cottage Health, the Santa Barbara-based healthcare provider, will pay $2 million to resolve multiple violations of state and federal laws as per a directive from the California attorney general’s office. The group was examined by the California attorney general’s office in relation to a breach of private patient data back in 2013. The breach of data was found by the organization on December 2, 2013, when someone made the healthcare...

Rocky Mountain Health Care Services has Second Unencrypted Laptop Stolen
Nov30

An unencrypted laptop has been stolen from an employee of Rocky Mountain Health Care Services of Colorado Springs. This is the second such incident to be identified in just three months. The most recent incident was identified on September 28. The laptop computer was found to store the protected health information of a small number of patients. The types of data stored on the device included first and last names, addresses,...

Medical College of Wisconsin Phishing Attack Affects 9,500 Patients
Nov29

The exposure of approximately 9,500 patients’ protected health information at the Medical College of Wisconsin has been caused by a phishing attack. The attackers were able to gain access to several staff members’ email accounts, which included a variety of sensitive information of patients and some faculty employees. The types of data in the accessed email accounts included names, addresses, medical record numbers, dates of birth,...

Clinic Worker Who Stole PHI Jailed for Five Years
Nov27

A staff member at a clinic who stole the protected health information of mentally ill patients and sold the data to identity thieves for profit has failed in an appeal to have a five-year jail term reduced. Jean Baptiste Alvarez, aged 43, of Aldan, PA, obtained daily census sheets from the Kirkbride Center, a 267-bed behavioral health care facility located in Philadelphia. The census sheets included all the information required to steal...

Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI
Nov23

A network of hospitals and medical centers in Williamsport, Wellsboro and Muncy in Pennsylvania, called UPMC Susquehanna, has revealed that the protected health information of 1,200 patients has possibly been accessed by unauthorized people. Access to patient information is thought to have been obtained after a worker replied to a phishing email. While information regarding the breach date has not been published, UPMC Susquehanna...

Blue Cross and Blue Shield of Florida Breach Impacts Almost 1,000 People
Nov22

Blue Cross and Blue Shield of Florida, dba Florida Blue, has announced to the public that the personally identifiable information of a small number of insurance applicants has been improperly accessed online. Florida Blue discovered the exposure of patient data in late August 2017 and immediately initiated a review. Florida Blue reports that the review showed that 475 insurance applications had been saved to the cloud by an unaffiliated...

Protenus November Breach Barometer Highlights Internal Breaches
Nov21

Following an unusually bad September, healthcare data breach incidents fell to more typical levels, with 37 breaches tracked in October according to the November 2017 Healthcare Breach Barometer Report from Protenus. The Protenus monthly summary of healthcare data breaches collates incidents reported to the Department of Health and Human Services’ Office for Civil Rights (OCR), and incidents made public using media outlets and tracked...

New Jersey Medical Practice has Boxes of Medical Records Stolen
Nov21

Otolaryngology Associates of Central Jersey is making contact with patients to advise them of a breach of their protected health information, following a theft at an off-site storage service in East Brunswick, NJ. The thieves removed thirteen boxes of paper medical records from the service, which included data like names, addresses, health insurance account numbers, birth dates, dates of military duty served, and the names of treating...

Contacts Stolen and Spear Phishing Emails Sent by Ursnif Trojan
Nov17

The financial sector banking Trojan Ursnif, one of the most commonly encountered banking Trojans, has previously been used to attack banking institutions. However, it seems the individuals behind the malware have expanded their horizons, with cyberattacks now being carried out on a wide variety of groups across many different sectors, including healthcare. The new strain of the Ursnif Trojan was found by researchers at security firm...

CyberAttack Infection Found by Catholic Charities of the Diocese of Albany
Nov10

The Catholic Charities of the Diocese of Albany (CCDA) was performing an upgrade of its computer security software during August when it found malware on its systems. The software was discovered to have been placed on one of the computer servers located at its Glens Falls office, which provided treatment to patients based in Saratoga, Warren and Washington Counties in New York. Quick action was taken to block access to the...

Ransomware Attack Affects 8,750 Patients According to Aging Agency
Nov09

East Central Kansas Area Agency on Aging (ECKAAA), an Ottawa-based body, has reported that a ransomware attack, resulting in the encryption of files on one of the agency’s servers, has exposed files containing the protected health information (PHI) of approximately 8,750 patients. The cyberattack happened on September 5, 2017 and was immediately located by ECKAAA, which took swift moves to limit the spread of the infection. Due to...

NY AG Brings in Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)
Nov08

Aiming to protect New Yorkers from unwelcome breaches of their personal information, the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) has been introduced into the legislature in New York by Attorney General Eric T. Schneiderman. It is hoped that this Act will ensure that those affected will be notified when such breaches are incurred. Sponsored by Senator David Carlucci (D-Clarkstown) and Assembly member Brian...

Breach of PHI at Texas Children’s Health Plan After Staff Member Sent Emails to Personal Account
Nov07

A breach of HIPAA has occurred at the Texas Children’s Health Plan after it was found that the protected health information (PHI) of 932 clients had been emailed to the personal private email account of a former member of staff. The privacy violation was first seen on September 21, 2017, although it was discovered that the former member of staff emailed the private data in November and December 2016. The emails...

New Variant of WannaCry Ransomware Detected in FirstHealth CyberAttack
Nov03

A new variant of the WannaCry ransomware has been detected in a cyberattack on FirstHealth of the Carolinas, a Pinehurst, SC-based not-for-profit health provider. WannaCry ransomware came to global attention in cyberattacks in May 2017. In excess of 230,000 computers were infected within one day of the worldwide attacks starting. The ransomware variant had wormlike features and was capable of spreading quickly and affecting all...

PHI of 8,000 Possibly Exposed Following Office Break-In
Nov02

An office break-in and subsequent computer theft have led to the possible exposure of the protected health information (PHI) of up to 8,000 clients of Brevard Physician Associates after a desktop computer was stolen in a burglary. The break-in happened on Labor Day, September 4, 2017, when the Brevard Physician Associates business premises were closed. Thieves gained access to the offices early that morning and illegally...

Consolidated Inc. Data Breach Impacts 21,856 People
Oct29

Nebraska-based CBS Consolidated Inc., operating as Cornerstone Business & Management Solutions, completed a routine audit of system logs on July 10, 2017 and found an unfamiliar account on the server. Closer inspection of that account showed it was being used to download sensitive data from the server, including the protected health information of patients that used its medical supplies. 21,856 people who received durable medical...

3,725 Veterans Have Their PHI Exposed Due to Missing Laptop
Oct27

A laptop computer, no longer in use, owned by the Mann-Grandstaff VA Medical Center (MGVAMC) in Spokane, WA, has gone missing, potentially leading to the exposure of sensitive patient data. The laptop was linked to a hematology analyzer and held data related to hematology tests. The laptop was in operation between April 2013 and May 2016, but was put out of use when the device became unusable. The laptop, which had been purchased from...

Data Breaches Drop For Second Consecutive Month
Oct26

The latest report of the Breach Barometer from Protenus/Databreaches.net Healthcare shows that data violations have dropped for the second consecutive month. In August, there were 33 reported healthcare data violations, down from 36 incidents in July and 56 in June. While the drop in the number of data breaches is encouraging, that is still more than one healthcare data breach per day. While it was the second best month...

OIG Identifies Multiple Security Weaknesses in Alabama’s Medicaid Management Information System
Oct24

The HHS’ Office of Inspector General (OIG) has completed an audit of Alabama’s Medicaid data and information systems to determine whether the state was in compliance with federal regulations. The review included the Medicaid Management Information System (MMIS) and associated policies and processes. OIG also carried out a vulnerability scan on networked devices, databases, websites, and servers to identify vulnerabilities that could...

PHI of 10,500 Patients Found in Illinois Basement
Oct18

The medical histories of more than 10,000 patients have been discovered in a basement in Aurora, Illinois. The documentation was located at the house, which the tenant rents from Naperville-based psychiatrist Dr. Riaz Baber, M.D. The files had been stored in the basement for at least 4 years. The female tenant, Barbara Jarvis-Neavins, claims that she was given access to the basement by the psychiatrist’s wife when workmen...

51,000 Plan Subscribers Hit by Network Health Phishing Attack
Oct16

Network Health has advised 51,232 of its plan subscribers that some of their protected health information (PHI) has possibly been accessed by unauthorized people. In August 2017, some Network Health Wisconsin-based employees received sophisticated phishing emails. Two of those staff members responded to the scam email and divulged their login credentials to the attackers, who used the details to gain access to their private email...

Hacking Group ‘The Dark Overlord’ Attacks Another Healthcare Organization
Oct09

After a seemingly prolonged period of inactivity, the hacking group TheDarkOverlord has revealed another attack on a U.S. healthcare supplier, Massachusetts-based SMART Physical Therapy (SMART PT). The hack reportedly happened on September 13, 2017, with the announcement of the data theft released by TDO on Twitter on Friday 22, 2017. No details were given as to how access to the data was gained, although it was revealed to databreaches.net...

Catholic Charities of the Diocese of Albany Discovers Long-Term Malware Infection
Oct09

Catholic Charities of the Diocese of Albany (CCDA) has discovered, during a software upgrade in August 2017, that malware was installed on one of the computer servers used by its Glens Falls premises, which provides services in Saratoga, Warren and Washington Counties in New York. A quick response was taken to block access to the server and CCDA called in a computer security firm to carry out an investigation into the unauthorized...

128,000 Arkansas Patients Attacked by Ransomware
Oct05

128,000 patients at the Arkansas Oral Facial Surgery Center in Fayetteville have had their private information potentially impacted following a ransomware attack. Ransomware was believed to have been placed on its network between July 25 and 26, 2017. The attack was identified quickly, although not before files, x-ray images, and documents had been encrypted. The incident did not break through the encryption of its patient database, except...

Medical Records Illegally Accessed at PeaceHealth Over Six-Year Period
Oct04

It has been discovered that the medical records of almost 2,000 patients were illegally accessed by a former employee at PeaceHealth, a not-for-profit Catholic health system based in Vancouver, WA. The unauthorized access was identified by PeaceHealth on August 9, 2017, leading to an investigation. PeaceHealth found the inappropriate access started in November 2011 and went on until July 2017. The inquiry revealed that Social...

Ransomware and Phishing Rated Top Threats by IT Professionals
Oct03

A recent survey by Cyren, conducted by Osterman Research, has revealed the biggest concerns of IT professionals are ransomware and phishing. When asked about their biggest security concerns, 62% said ransomware, 61% said phishing, and 54% said data breaches. The survey also showed that investment in cyber defenses has increased, yet for many firms, even further investment in security solutions has failed to prevent data breaches. It...

1,140 Patients Have Private Data Violated at Our Lady of the Angels Hospital
Oct03

An investigation has shown that a former member of staff obtained the medical records of 1,140 patients without authorization at Our Lady of the Angels Hospital. The former staff member had been granted access to the protected health information in order to conduct work duties; however, hospital staff found that the employee was accessing medical records without any acceptable work reason for doing so. The unauthorized access was found...

Mercy Health Love County Hospital Breach Might have Exposed Records of 13,000 Patients
Oct02

The personal data of more than 13,000 patients at Mercy Health Love County Hospital in Oklahoma may have been breached. On June 23, 2017, the hospital found that an employee had stolen a laptop computer and paper records from a storage unit which was owned by the hospital. The breach notice broadcast by Mercy Health revealed that the records of 10 patients were taken from the device along with the laptop. The theft of PHI was first...


Hurricane Maria Disaster Zone: Partial HIPAA Privacy Rule Waiver Issued by HHS

A third HIPAA waiver has been issued by the U.S. Department of Health and Human Services, following two earlier partial waivers of HIPAA sanctions and penalties in areas affected by hurricanes earlier in 2017. On this occasion the waiver is in relation to the Hurricane Maria disaster zone in Puerto Rico and the U.S. Virgin Islands. As with the waivers issued in relation to Hurricane Harvey and Hurricane Irma, the waiver...

Equifax Announces Second Data Breach Occurred Five Months Ago
Sep19

The Equifax data breach that exposed the records of 143 million consumers was not the only data breach the firm experienced this year. Equifax has said a second, earlier breach was discovered in March. A statement released by the credit monitoring agency says the two attacks were unrelated; however, Bloomberg reports that one person close to the investigation suggested both attacks were performed by the same individuals. It may be that...

Piriform Alerts Users That CCleaner Contained Malware
Sep19

Piriform’s CCleaner, a free PC cleaning app with 130 million users around the world, has been discovered to contain malware. Researchers at Cisco Talos recently announced that CCleaner contains a backdoor that was inserted by hackers. The backdoor was present in two versions of the application – the 32-bit version of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. The backdoor was inserted into those versions at least a month before...

Beware of Equifax Data Breach Phishing Scams
Sep14

Consumers are being warned to be on high alert for Equifax data breach phishing scams, telephone and text message scams, and fraudulent use of their sensitive information.

Almost Half of All Americans Impacted by Equifax Data Breach

The massive Equifax data breach has resulted in the personal information of almost half of the population of the United States being stolen. More than 143 million Americans have been impacted by the...

Equifax Data Breach Affects 143 Million Consumers
Sep10

A massive Equifax data breach has resulted in the exposure, and possible theft, of 143 million Americans’ records, including highly sensitive data such as Social Security numbers. To put that figure into perspective, that’s virtually half the population of the United States. Hackers gained access to a website database via an unpatched vulnerability in a web application. Security experts are suggesting the vulnerability was in Apache...

Kaleida Health Suffers Second Phishing Attack in Space of 2 Months
Sep01

Kaleida Health has announced an employee has fallen for a phishing scam that resulted in the protected health information of 744 patients being exposed, and potentially obtained by an unauthorized individual. The phishing attack occurred on June 26, 2017 and resulted in access being gained to the employee’s email account. The email account contained a range of protected health information including names, medical record numbers,...

City of Hope Phishing Attack Impacts 3,400 Patients
Aug14

A recent City of Hope phishing attack has potentially resulted in the PHI of 3,400 patients being accessed by cybercriminals. City of Hope employees were sent phishing emails on May 31 and June 2, 2017. Four employees responded to the emails and disclosed their email credentials to the attackers. Four email accounts were accessed by the attackers. While the email accounts contained sensitive information, City of Hope officials do not...

Mid-Year Healthcare Data Breach Report Shows Insiders Pose the Biggest Data Breach Risk
Aug03

Protenus has released its mid-year healthcare data breach report. The Breach Barometer reports chart the data breaches experienced by healthcare organizations each month and include data from the Office for Civil Rights and other verified sources. The mid-year data breach report is a summary of all breaches reported between January and June 2017. The mid-year healthcare data breach report shows that while the number of data breaches...

2,789 Patients’ PHI Compromised in Phishing Attack
Aug02

Kaleida Health has announced that a phishing attack has resulted in an email account being compromised, and along with it, the protected health information of 2,789 of its patients. Kaleida Health became aware of the incident on May 24, 2017, and called on a computer forensics firm to assess which patients have been affected and the extent to which its systems had been compromised. The firm determined the attack was limited to one...

Anthem Inc Announces 18,580 Record Data Breach
Jul31

Anthem Inc. has recently settled a class-action lawsuit filed by the victims of its 2015 data breach that saw 78.8 million health insurance records stolen by hackers. The insurer settled the case for $118 million. A month after the settlement was announced, the company has confirmed its plan members have been affected by another data breach. This time the insurance records of 18,580 individuals have been exposed. The breach occurred...

ITRC Report Shows Hacking Continues to be the Main Cause of Data Breaches
Jul21

The main cause of data breaches in the United States is still hacking, according to a new report released by the Identity Theft Resource Center (ITRC). The report also shows that in the year to June 30, 2017, U.S. data breaches have hit a record high, with 791 confirmed data breaches reported. The data breach count has increased by 29% since the report was issued last year, with ITRC expecting the data breaches to reach 1,500 by the end...

Ransomware Investigation Uncovered 15-Month Data Breach
Jul20

When Peachtree Neurological Clinic was attacked with ransomware all was not lost as data were recoverable from backups; however, the ransomware investigation revealed something far worse. Its systems had been breached 15 months previously. The ransomware incident resulted in the encryption of the provider’s electronic medical records. A ransom demand was issued. Payment was required in exchange for the keys to unlock the encryption....

UK Hospital Cybersecurity Funding to Increase by £21 Million
Jul16

Hospital cybersecurity funding has been increased in the UK in the wake of the recent WannaCry ransomware attacks that crippled parts of the NHS. Health Secretary Jeremy Hunt has pledged a further £21 million ($27 million) will be made available to 27 major trauma centers in the UK to improve their cybersecurity protections. The additional hospital cybersecurity funding is intended to make it harder for hospitals to be attacked with...

$115 Million Anthem Data Breach Settlement Agreed
Jun27

A $115 million Anthem data breach settlement has been agreed in the consolidated data breach case filed on behalf of the 78.8 million victims of the firm’s 2015 data breach. If the Anthem data breach settlement is approved by the judge presiding over the case it will be a record-breaker – the largest data breach settlement ever reached. That said, the amount each victim will receive will be low. Lawyers will take one third of the...

Healthcare Data Breach Resolution Costs Fall
Jun26

Healthcare data breach resolution costs are still higher than all other industries, but the latest Ponemon Institute/IBM Security study has shown that for the first time ever, those costs have fallen year-over-year. For seven years, Ponemon/IBM have been conducting their cost of a data breach study, and each year the costs of resolving data breaches have risen. However, this year, average breach resolution costs fell by around 10%. The...

Southern Oregon University Phishing Attack Results in Theft of $1.9 Million
Jun15

A Southern Oregon University phishing attack has resulted in the theft of $1.9 million from the university’s accounts – arguably the worst phishing attack of the year to date. While the Southern Oregon University phishing attack stands out due to the amount of money obtained by the attackers, it is sadly just one of a large number of attacks that have affected U.S. organizations this year. The scam is known as Business Email Compromise...

Patient Portal Security Flaw Exposed Data of Molina Healthcare Patients
May31

A patient portal security flaw has resulted in the exposure of patient claims information. Claims information had been uploaded to the patient portal of the Long Beach, California-based managed care company Molina Healthcare; however, the information was accessible without any authentication checks. Patients who had been sent a link to their claims could click those links without any checks being performed to ensure they were the...

Children’s Mercy Hospital Alerts 5,500 Patients to a Potential PHI Breach
May31

Children’s Mercy Hospital in Kansas City has started notifying more than 5,500 patients that some of their electronic protected health information has been exposed online. Personally identifiable information and protected health information were discovered to have been uploaded to a website set up by one of the hospital’s physicians. The website was intended to serve as an educational resource. The physician had protected the...

Healthcare Data Breach Reporting Improves; IT Security Incidents Rise
May23

The monthly Breach Barometer Report from Protenus shows healthcare data breach reporting is improving, data breaches are down, and there was a significant reduction in healthcare data breach victims in April, 2017. The Health Insurance Portability and Accountability Act (HIPAA) places a time limit on reporting healthcare data breaches to the HHS’ Office for Civil Rights (OCR) and sending breach notifications to patients. That time...

True Health Diagnostics Website Flaw Exposes Patient Records
May09

The health reports of patients of the True Health Group have been exposed online and were viewable by other patients for months – most likely years – due to a True Health Diagnostics website flaw. True Health Diagnostics is a Frisco, TX-based company that offers a wide range of testing procedures for genetic and other diseases. The company operates a web portal which patients can access to view their test results. Logging into...

March Sees Increase in Healthcare Data Breaches and Victim Count
Apr18

This year has seen healthcare data breaches remain steady for the first couple of months, although March saw the number of incidents rise and the severity of those incidents also increase. In January and February, 31 incidents occurred each month. In March, there were 39 reported incidents, according to the latest Breach Barometer healthcare data breach report from Protenus. The number of records exposed or stolen in those attacks...

Suspected Ransomware Attack Impacts Erie County Medical Center Patients
Apr12

It has been a bad month for healthcare industry ransomware attacks and malware infections. A ransomware attack on Ashland Women’s Health was confirmed this week which impacted 19,272 patients and last week an ABCD pediatrics ransomware attack impacted 55,447 patients. On Sunday, another healthcare organization discovered a ‘virus’ had arrived via email and made its way onto the network. Erie County Medical Center in Buffalo, New York...

Ashland Women’s Health Ransomware Attack Confirmed
Apr12

The ransomware attacks on healthcare providers are continuing, with one of the latest victims a small one-practitioner gynecology practice in Ashland, Kentucky. Ashland Women’s Health recently informed the Department of Health and Human Services that the attack had potentially resulted in patients’ protected health information being accessed by the attackers. Ransomware attacks are reportable to OCR unless a healthcare provider can...

Study Analyses Hospital Data Breach Risk
Apr06

A recent study published in JAMA Internal Medicine looked at the hospital data breach risk and determined which organizations are most at risk of experiencing data breaches. The researchers discovered that hospital data breach risk is positively linked with the size of the hospital. Larger hospitals are more likely to experience data breaches, as are hospitals with a strong focus on teaching. Smaller hospitals may have smaller budgets...

Ransomware Attack on ABCD Pediatrics Impacts 55,000 Patients
Apr05

The protected health information of more than 55,000 patients has potentially been compromised in a recent ransomware attack on ABCD Pediatrics. Attackers gained access to ABCD Pediatrics’ servers and Dharma ransomware was installed, resulting in the encryption of some PHI. Dharma ransomware is a variant of CrySiS ransomware. CrySiS ransomware was one of the most popular ransomware variants in 2016, although late last year ESET...

Med Center Health Data Breach Impacts 160,000 Patients
Mar24

The Federal Bureau of Investigation is investigating a major Med Center Health data breach that impacts many affiliates and around 160,000 patients. The Med Center Health data breach was not the result of hackers; instead, data is believed to have been stolen by a former employee. The employee is understood to have taken a wide range of sensitive data including patients’ names, addresses, insurance details, procedure codes, billing...

Medical Records of 26 Million Healthcare Patients at Risk of Compromise
Mar21

An IT system used by around 2,700 medical practices in the United Kingdom potentially allows the medical records of patients to be accessed by unauthorized individuals. The system – SystmOne – is one of the most popular in the United Kingdom and contains the medical records of around 26 million UK patients. While the system is secure, if practices activate ‘enhanced data sharing’ the records contained in the system can be made...

Insider Healthcare Data Breaches Soar in February
Mar20

February saw a major increase in insider healthcare data breaches, according to the latest healthcare data breach report from Protenus. The February Breach Barometer report indicates there were 31 reported healthcare data breaches in February. While the figure is on a par with January, which also saw 31 healthcare data breaches reported, there was a significant rise in insider healthcare data breaches last month. Insider incidents...

Trust in Healthcare Providers High, Despite Increased Data Breaches
Feb24

Trust in healthcare providers’ ability to keep the sensitive data of patients and health plan members secure remains high, even though the past two years have seen record numbers of healthcare data breaches reported. In 2015, more than 113 million healthcare records were exposed or stolen, and 2016 saw more healthcare data breaches discovered than in any other year since records first started being kept. According to a recent survey...

Largest Healthcare W-2 Phishing Scam of 2017: 17,000 Employees Impacted
Feb23

The largest healthcare W-2 phishing scam of the year to date has recently been reported by American Senior Communities of Indiana. While many organizations have already reported being fooled by phishing emails this tax season, this was the largest healthcare W-2 phishing scam by some distance, impacting more than 17,000 of the organization’s employees. This year has already seen 74 organizations scammed, and that number is certain to...

Maryland Ransomware Bill Makes Attacks Felonies
Feb15

A new Maryland ransomware bill has been introduced that makes extortion using unauthorized software a criminal offense. The new Maryland ransomware bill introduces stiff penalties for ransomware attacks on companies based in the state as well as attacks on individuals. Cybercriminals that use ransomware to try to extort money from victims would be fined up to $10,000 for the attack and could face up to 10 years in jail. While the...

Google Removes Ransomware App from Its Play Store
Jan26

An app in the Google Play store has been discovered to have been loaded with ransomware. Google has recently removed the ransomware app from its Play Store, although it is not known how many individuals have already been infected. The app in question is called EnergyRescue. The purpose of the app was to help users manage the use of their phone batteries. However, that was not the real purpose of the app. According to researchers at...

SEC Investigation of Yahoo Breach Launched
Jan25

The U.S. Securities and Exchange Commission will be investigating Yahoo over the two massive data breaches announced late last year. The SEC investigation of Yahoo will not be concerned with the controls put in place by the company to prevent data breaches, but whether Yahoo should have informed its investors of the breaches more quickly. In September, Yahoo announced that it had experienced a massive data breach that had impacted...

Sentara Healthcare Data Breach Investigated
Jan16

Sentara Healthcare is investigating a data breach suffered by one of its third-party vendors that resulted in patients’ protected health information being accessed by an unauthorized individual. Sentara Health was notified of a potential ePHI breach by law enforcement on November 17, 2016. An internal investigation was then immediately launched to determine the source of the breach, which led to one of its vendors. The vendor of the...

Ransomware Infection Impacting 19,000 Individuals Investigated by Highmark BCBS of Delaware
Jan15

A subcontractor of Highmark Blue Cross Blue Shield of Delaware has experienced a ransomware infection and cyberattack that has potentially compromised the personal information of approximately 19,000 beneficiaries of employer-paid health plans. The ransomware attack occurred at Highmark BCBS subcontractor Summit Reinsurance Services on August 5, 2016, although affected individuals have only just been notified of the incident. An...

ESEA Hacking Incident Results in Leaking of 1.5 Million Player Profiles
Jan09

E-Sports Entertainment Association (ESEA) has announced it has been the victim of an extortion attempt after a hacker infiltrated one of its game servers. The ESEA hacking incident resulted in the theft of 1.5 million player profiles and other user data. The hack occurred on December 27, 2016. Access was gained to an ESEA game server, data were exfiltrated, and a $100,000 ransom demand was issued by the attacker. The hacker said that...

Los Angeles Valley College Ransomware Attack: 28K Paid for Key
Jan09

A Los Angeles Valley College ransomware attack on January 6, 2017 resulted in student data being locked and 1,800 college administrators and teachers being prevented from gaining access to their computer system and essential files. Ransomware is malicious software that encrypts a wide range of file types, including databases. The data is not moved or copied, just renamed and encrypted. In order to unlock the encryption, a unique key...

Switcher Trojan Infects Wi-Fi Routers via Android Mobiles
Jan03

An incredibly dangerous new Trojan has been detected by Kaspersky Lab which is being used to attack Wi-Fi routers via Android devices. The new malware – named the Switcher Trojan – is currently only being used to attack routers in China, although Kaspersky Lab researchers warn that this new malware signals a dangerous new trend – one that could well become a global problem. The typical way that hackers gain control of Wi-Fi...

New Hampshire Hospital Data Breach Result of Human Error
Dec30

A recent New Hampshire Hospital data breach has resulted in the disclosure of the protected health information of 15,000 patients. The Department of Health and Human Services (DHHS) psychiatric hospital data breach occurred in October last year. The person responsible for the breach was identified at the time, but the incident was not deemed to be severe and the attack went unreported. In October 2015, a patient of New Hampshire...

Yahoo Breach the Work of Cybercriminals with Nation-State Connections
Dec20

Data from the Yahoo breach of 1 billion user accounts has already been sold on the black market on multiple occasions, according to InfoArmor. While Yahoo maintains that the attack was performed by a nation-state sponsored hacking group, InfoArmor’s research suggests otherwise and many security experts agree. Instead of a nation-state sponsored hacking group, it has been suggested that it was a criminal organization behind the attack,...

November 2016 Breach Barometer Report: Worst Month for Health Data Breaches
Dec16

The November 2016 Breach Barometer Report from Protenus provides a snapshot of the state of healthcare data security, cataloging the health data breaches that occurred last month. The report is released each month and provides a useful record of HIPAA breaches throughout the year. While the total number of health records exposed or stolen in November fell from the previous month, and November figures are the seventh lowest of the...

1Bn Accounts Compromised in 2013 Yahoo Cyberattack
Dec15

In September 2016, Yahoo announced it had been hacked and half a billion accounts were compromised; however, yesterday it was revealed that a 2013 Yahoo cyberattack was twice the size. The credentials of more than 1 billion users were reportedly stolen in the 2013 Yahoo cyberattack. The Yahoo cyberattack announced in September was the largest data breach ever reported. This was particularly bad news as the company had just agreed...

Madison County Pays $220,000 to Improve Defenses After Ransomware Attack
Dec14

The Madison County ransomware attack that took out many of the county’s computer systems last month could only be resolved by paying a $21,000 ransom as no viable backup existed. On the advice of the County’s insurance company, the ransom was paid. Madison County will not be required to cover the cost of the ransom, only the deductible. However, a ransomware attack costs considerably more to resolve than the cost of the ransom to...

Arkansas Sheriff’s Office Pays 3 Bitcoin Ransom to Unlock Files
Dec14

The cybercriminals behind a ransomware attack on an Arkansas Sheriff’s office have been paid 3 Bitcoin ($2,400) to supply the keys to decrypt files locked by the ransomware. The ransomware attack on the Carroll County Sheriff’s office occurred on December 5, 2016 and resulted in its computer systems being taken out of action for just under a week. The attackers used a fairly new ransomware variant called Dharma, which is from the same...

Dailymotion Cyberattack Impacts 85 Million Users
Dec06

According to LeakedSource, a recent Dailymotion cyberattack has resulted in email addresses, usernames, and passwords being obtained by hackers. Dailymotion is one of the leading web video platforms and is rated by Alexa as the 113th most popular website. In April 2015, the site attracted 148 million visitors. The Dailymotion cyberattack is understood to have occurred on or around October 20, 2016, which means account credentials may...

San Francisco Transport System Ransomware Attack Reported
Nov28

A San Francisco Transport System ransomware attack occurred this weekend that resulted in computers used by the city’s light rail system being encrypted. The attackers demanded a 100 Bitcoin ($70,000) ransom to supply the key to unlock the encryption. A statement released by the San Francisco Municipal Transportation Agency (SFMTA) confirmed that while the attack resulted in computer systems being taken out of action, transport was...

October Breach Barometer Shows Hacking and Malware Main Causes of Healthcare Data Breaches
Nov18

Protenus has released its October Breach Barometer – a snapshot of healthcare data breaches that were reported last month. The report is a useful tool for tracking data security incidents and gives some insight into the main causes of healthcare data breaches in the United States. In the first half of the year healthcare data breaches increased steadily rising to a high of 42 incidents in August. In September, healthcare data breaches...

Facebook’s Darknet Password Buying Practice Revealed
Nov17

The data obtained from cyberattacks is often listed for sale on Darknet marketplaces for cybercriminals to purchase, yet who actually buys these data? Passwords are bought by cybercriminals to gain access to users’ online accounts for a wide variety of nefarious activities, but it is not only criminals that are interested in these data. It has recently emerged that Facebook also buys stolen passwords. Facebook CSO Alex Stamos revealed...

Light Cast on Cause of the Tesco Bank Hack
Nov16

The cause of the Tesco bank hack is not yet known, although security firm Digital Shadows has been narrowing down the possible causes that led to the criminals siphoning off $3.1 million from customers’ bank accounts. Tesco believed up to 20,000 customers may have been affected by the cyberattack on November 5 and 6, although the investigation into the attack has revealed that around 9,000 customers had funds taken out of their...

Patients Informed of Seguin Dermatology Ransomware Attack
Nov15

Patients have been warned of a Seguin Dermatology ransomware attack that may have resulted in their electronic protected health information being accessed by the attackers. The Texas dermatology clinic was attacked on or around September 12, 2016, although it took until October 26 for a full forensic analysis of the affected computer to be completed. The investigation of the attack did not confirm that patient data had been stolen,...

Massive FriendFinder Data Breach Announced: 412 Million Records Exposed
Nov15

A massive FriendFinder data breach has been discovered that impacts more than 412 million users of six adult-oriented friendship, dating, and porn websites. Six databases used by Friend Finder Network Inc., were hacked in October this year, with the hackers managing to steal credentials from hundreds of millions of accounts. The worst hit was the adult dating website Adultfriendfinder.com, which is touted as the world’s largest sex...

UK Healthcare Ransomware Attacks Soar
Nov11

The healthcare industry in the United States has been targeted by cybercriminals using ransomware; however, UK healthcare ransomware attacks are also on the rise. So far this year, at least five National Health Service (NHS) Trusts have been attacked with ransomware. Those attacks have crippled hospitals’ computer systems and have had a major impact on patients. Operations and appointments have had to be cancelled after computer...

Hackers May Have Used Cookies for Persistent Access to Yahoo Accounts
Nov10

Yahoo has revealed more about the massive data breach experienced in 2014 and says that in addition to the initial hack that provided hackers with users’ credentials, those actors may also have used cookies to bypass Yahoo security measures. This would have allowed the hackers to access users’ accounts for a considerable period of time after the initial attack. In a US Securities and Exchange Commission filing, Yahoo explained that...

2016: A Particularly Bad Year for Data Breaches
Nov10

Take a look at any of the websites that track data breaches and one thing is clear: Data breaches are now occurring much more frequently than in previous years, even though organizations have increased cybersecurity budgets and are committing more resources to breach prevention. Since records of data breaches first started being kept by the Identity Theft Resource Center (ITRC) in 2005, there have been 6,619 data breaches and more than...

Madison County Ransomware Attack: Ransom Paid to Unlock Files
Nov09

A Madison County ransomware attack over the weekend has resulted in most of the Indiana county’s computer systems being taken out of action, causing major disruption to county services. The ransomware is believed to have been installed on Saturday November 4, and was noticed by Central Dispatch after access to files could not be gained. The voting system was unaffected and emergency services continued to run as normal, although the...

BEC Attack on El Paso Resulted in Theft of $3.2 Million
Nov04

The threat from business email compromise attacks has been clearly highlighted by the recently discovered BEC attack on El Paso, TX. According to the Mayor of El Paso, Oscar Leeser, city officials notified law enforcement in October that employees had fallen for phishing scams. Those scams resulted in the attackers stealing $3.2 million in funds from the city. The BEC attack on El Paso was similar to numerous attacks that have taken...

Computer Virus Results in Cancellation of All Operations in Three UK Hospitals
Nov01

A National Health Service Trust in the United Kingdom has reported being attacked with a computer virus. The incident was so severe it has forced the Trust to shut down the majority of its computer systems. Without access to computers, three NHS hospitals have had to cancel all scheduled operations on November 1. More than 1,000 appointments and scheduled operations were cancelled as a result of the infection. The virus was discovered...

UK Government to Commit £1.9bn to Cybersecurity Defenses
Oct31

The increasing threat to the UK’s critical infrastructure has prompted the government to commit more funds to cybersecurity defenses. In a recent speech, the UK chancellor Philip Hammond promised to spend a further £1.9 billion on defenses to prevent foreign attackers from conducting successful attacks. Hammond believes further investment is required in order for the UK to continue to be able to mount a defense against increasingly...

Hacktivist Indicted for Hospital DDoS Attacks
Oct27

DDoS attacks rarely result in prosecution; however, this week the hacktivist allegedly behind a series of major hospital DDoS attacks in 2014 has been indicted on charges of conspiracy and intent to cause damage to a protected computer. If convicted of the hospital DDoS attacks, the hacktivist faces up to 15 years in jail. Martin Gottesfeld from Somerville, Mass., is alleged to have been involved in a series of DDoS attacks on Boston...

4.3 Million IoT Devices Recalled in Effort to Curb DDoS Attacks
Oct26

Hangzhou Xiongmai Technology – a major Chinese electronics company – has announced it is recalling thousands of IoT devices after they were hijacked by hackers and used in a spate of massive distributed denial of service (DDoS) attacks. Many of its devices have been added to the Mirai botnet – a network of hundreds of thousands of IoT devices used to flood Internet services with traffic, rendering them unavailable. The Mirai botnet...

Healthcare Industry at Risk from More than 200 Ransomware Families
Oct25

Healthcare ransomware attacks have increased dramatically in 2016, and so has the number of threats. While healthcare organizations work hard at improving their defenses to prevent ransomware attacks, ransomware authors have also been hard at work developing new variants that are harder to detect, incorporate more features, and wreak more havoc. The rise of ransomware has been tracked by security researchers from the...

Phishing Scam Fools Baystate Health Employees and Exposes PHI
Oct24

Phishing is a technique commonly used by cybercriminals as an easy way of gaining access to healthcare data. The aim of the scam is to convince individuals to reveal login credentials or infect their computers with malware. Even when robust cybersecurity defenses are employed to prevent networks and databases from attack, those protections can easily be undone by employees. If employees can be convinced to click malicious...

Healthcare Data Breaches Occurring at an Alarming Rate
Oct21

Healthcare data breaches are increasing as the year goes on, according to the latest Breach Barometer report from Protenus. As if the breach tally for the first half of 2016 was not bad enough, the second half of the year has been even worse. Protenus compiled a list of healthcare data breaches – with assistance provided by Databreaches.net – from the first half of the year which showed an average of 25.3 healthcare data...

Weebly Data Breach Impacts 43 Million Customers
Oct21

A massive Weebly data breach has been uncovered that impacts 43,430,316 customers who have previously created websites using the drag and drop website creation platform. The data breach is understood to have occurred around 8 months ago, although Weebly has only just been informed that it was attacked. Rapid action was taken to shore up security and protect customers. The security breach came to light after an anonymous individual...

Fall in Price of Health Data Likely to Mean Healthcare Cyberattacks
Oct20

Supply of healthcare data is outstripping demand, which has led to a drop in the price of health data on the darknet, according to studies conducted by the World Privacy Forum and the Institute for Critical Infrastructure Technology. The research suggests the average price of a full set of health records was between $75 and $100 per set last year. The price has now fallen to between $20 and $50 per set of records, which means a sizable...

2012 LinkedIn Data Breach: Suspect Arrested in Prague
Oct20

The 2012 LinkedIn data breach was one of the largest ever reported. More than 117 million user credentials were stolen in the attack. This year those records were listed for sale online, although the individuals behind the cyberattack have remained a mystery. The data were listed for sale on Darknet marketplace theRealDeal recently by a hacker going by the name Peace_of_Mind (Peace). However, it is unclear whether Peace was responsible...
