Allscripts Facing Class Action Lawsuit Following Ransomware Attack
Jan31

Allscripts experienced a ransomware attack at centers in Raleigh and Charlotte, NC, resulting in several applications remaining offline for as many as 1,500 clients. Florida-based Surfside Non-Surgical Orthopedics has already begun legal action by filing a class action lawsuit against the EHR vendor. A new variety of SamSam ransomware infected Allscripts, a provider of EHR and e-prescription services to 2,500 hospitals and 19,000...

Breach Notification Bill Advanced by South Dakota Senate Attorney Judiciary Committee
Jan28

A vote in favor of introducing data breach notification legislation has passed overwhelmingly in the South Dakota Senate Attorney Judiciary Committee. The bill advanced after a 7-0 vote. It was originally introduced, at the request of Attorney General Marty Jackley, by the Committee on Judiciary. Presently there are only two states left in the US that have yet to implement data breach legislation to secure state residents....

DC Assisted Living Facility Hit by Malware Breach Exposing 5,200 PHI Records
Jan28

A malware attack experienced at Westminster Ingleside King Farm Presbyterian Retirement Communities may have allowed the hackers to obtain the protected health information of thousands of its clients. The Washington, D.C.-based assisted living center had adopted a wide range of security solutions to stop unauthorized access to its systems, although on this occasion they were unable to prevent the attack. The malware was identified...

53,000 Pharmacy Patients have PHI Exposed in Email Hack
Jan25

Patients of Onco360 and CareMed Specialty Pharmacy have been notified that the PHI of 53,173 patients has been compromised due to a phishing attack. A security breach was discovered on November 14, 2017, when suspicious activity involving a member of staff’s email account was uncovered. Following the discovery, third-party computer forensics experts conducted an investigation to determine the manner and extent of the breach. It...

Unauthorized Palomar Health Nurse Viewed Medical Records of Over 1,300 Patients
Jan22

A former nurse employed at Palomar Medical Center Escondido viewed, without authorization, the medical records of more than 1,300 patients who were receiving treatment at the hospital. Those affected are now being made aware of the breach. The breaches were experienced over a 15-month period between February 10, 2016 and May 7, 2017. The unauthorized access was first seen when access logs were reviewed. The audit revealed a...

Hancock Health Hit by Ransomware Attack
Jan19

Following a ransomware attack on Indiana-based organization Hancock Health last Thursday, staff at the hospital had no choice but to move to using pen and paper to detail patient health information, while IT staff made efforts to obstruct the attack and regain access to encrypted files. The attack started around 9.30pm on Thursday night when files on its network started to be encrypted. The attack initially caused the network to run...

Registered Nurses ‘Happy’ With PHI Security According to University of Phoenix Survey

The results of a recent survey completed by the University of Phoenix College of Health Professions indicate that registered nurses (RNs) believe their organization’s ability to prevent data breaches is of an acceptable level. The survey was sent to 504 permanent RNs and administrative workers across the USA. Respondents had held their position for a minimum of two years. Just under half of RNs (48%) and 57% of...

Coplin Health Systems Patients’ PHI Possibly Compromised by Laptop Theft
Jan17

43,000 patients of West Virginia-based Coplin Health Systems have been warned that their PHI may have been exposed following the theft of an unencrypted laptop computer from the vehicle of a worker at the organization. Coplin Health discovered the laptop theft on November 2, 2017. The theft was then reported to law enforcement and an investigation was initiated, although at the time of sending the warnings, the laptop computer in...

Unencrypted Hard Drive Results in the PHI of 9387 Patients’ Being Exposed
Jan15

In late November, the Framingham, MA-based practice Charles River Medical Associates discovered one of its external hard drives was missing from its usual location. The missing device contained x-ray images, names, patient ID numbers, and birth details. All patients who had visited the Framingham radiology lab for a bone density scan since 2010 had their x-ray images obtained – almost 9,400 individuals. The hard drive was...

PHI Breach at Oklahoma State University Center for Health Sciences
Jan13

An unauthorized individual has gained access to parts of the Oklahoma State University Center for Health Sciences (OSUCHS) network and may have accessed files containing billing details of Medicaid patients. The security breach was uncovered on November 7, 2017, with access to the network terminated the next day. Third-party computer forensics experts were employed to carry out a comprehensive investigation to determine which areas of...

Florida Agency for Health Care Administration Hit by Phishing Attack
Jan11

An unauthorized individual has gained access to a single email account of a staff member at the Agency for Health Care Administration in Florida using a phishing scam. The staff member was sent, and responded to, a malicious phishing email on November 15, 2017 and shared login details that permitted the attacker to remotely access his/her email account and, potentially, the protected health information of up to 30,000 Medicaid...

Compassion Care Hospice Cyber Attack Affects 1,128 Clients
Jan10

The protected health information of 1,128 clients of Compassionate Care Hospice Las Vegas (CCHLV) may have been accessed by an unauthorized individual. The person in question gained access to the company’s servers and may have viewed their content. CCHLV discovered the violation on its network on October 28, 2017. The server was accessed by an unauthorized individual. CCHLV hired a firm specializing in...

Unauthorized Person May have Accessed PHI of 1,128 CCHLV Patients
Jan08

It has been discovered that an unauthorized individual may have viewed the protected health information of 1,128 patients of Compassionate Care Hospice Las Vegas (CCHLV). During a review on October 28, 2017, CCHLV found that its systems had been accessed without authorization. After finding the breach, CCHLV brought in a third-party forensics company to conduct a thorough investigation to look into the breach and identify exactly who may...

5,000 Members of Kaiser Permanente Notified of Two Security Incidents
Jan06

Two security incidents have recently been reported to the Department of Health and Human Services’ Office for Civil Rights by Kaiser Permanente. Combined, more than 5,000 people have been affected by the two breaches. Those affected were clients of the Kaiser Foundation Group Health Plan. The most potentially dangerous incident, regarding the number of individuals harmed, was an email-related breach threatening 4,389 health plan...

Bronson Healthcare Group Phishing Attack Impacts 8,256 Patients
Jan06

A recent Bronson Healthcare Group phishing attack has resulted in a hacker gaining access to the protected health information (PHI) of 8,256 patients. The attack allowed the hacker to gain access to the health system’s email system, which contained the names, medications, and treatment information of patients. No Social Security numbers or patients’ financial information was compromised, and its electronic medical record system was...

Employee-Related Data Breach at SSM Health Affects 29,000
Jan05

It has been discovered that a former worker at the St. Louis, MO-based not-for-profit health system SSM Health was accessing the health records of clients for 8 months despite not having any legitimate work reason. The individual worked in SSM Health’s customer service support call center, and due to this, did not have permission to access financial information, only demographic, health, and clinical data. The access was discovered...

Sports Medicine Practice Hit by Two Hacking Attacks in 7 Days
Jan04

A hacker has gained access to the systems of a family and sports medicine practice based in Colorado and encrypted files with ransomware. Longs Peak Family Practice (LPFP) in Longmont, CO, discovered suspicious activity taking place on its internal network on November 5, 2017 and took quick measures to safeguard its systems. However, before the measures were in place, the attacker ran ransomware code which encrypted files on some parts...

24,000 Patients Impacted by Emory Healthcare Data Violation
Jan03

It has been discovered that a former worker at Emory Healthcare (EHC) has obtained the protected health information of 24,000 EHC patients and uploaded the data to a Microsoft Office 365 OneDrive account, from where it was accessible by other people. The former worker was a physician at Emory Healthcare, who is now a staff member at the University of Arizona (UA) College of Medicine. EHC says client information was taken covertly and...

Cyberattack Affects Internal Access to Jones Memorial Hospital Servers
Jan02

University of Rochester Medicine’s Jones Memorial Hospital, located in Wellsville, New York, is currently dealing with a cyberattack that has inflicted some unexpected downtime on the organization. The attack is believed to have begun on Wednesday December 27 and has caused disruption to some of its information servers. The details of the cyberattack are unclear and it has yet to be resolved. The cyberattack has been limited to Jones...

Access to Wager Evans Dental Records Denied for 5 Days After Ransomware Attack
Dec29

Wager Evans Dental practice, based in Reno, NV, has experienced a ransomware attack that cut off access to dental records and images for five days towards the end of 2017. The ransomware attack happened on October 30, 2017. The ransomware software was installed on one computer and one server used by the Dental Clinic. Ransomware can be installed by hackers using many different methods, although attacks most commonly use email. That...

Nebraska Ransomware Attacks Compromised PHI of Almost 10,000 Patients
Dec27

A ransomware attack that targeted Columbus Surgery Center, LLC and Eye Physicians, P.C., in Columbus, Nebraska has potentially exposed the protected health information of almost 10,000 clients. The ransomware attack took place on October 7, 2017 and saw a wide variety of files on some servers being encrypted by the ransomware. A ransom demand was made by the hackers, although this was not paid. The encrypted data was restored from a...

1,750 Patients Affected by Potential Data Theft Incident at Austin Manual Therapy
Dec21

1,750 patients have been notified that some of their protected health information may have been accessed and stolen by a criminal attacker who gained access to Austin Manual Therapy (AMT) systems. Following a forensic investigation by a leading national cybersecurity team, it has been found that access was first gained on October 3, 2017 and continued until October 9, when the intrusion was found and blocked. In the breach notice...

1,900 MidMichigan Medical Center Patients’ PHI Found after Breach
Dec21

MidMichigan Medical Center (MMC) in Alpena has made contact with patients to advise them of a possible breach of their health information, which may have literally been blown into the hands of people unauthorized to view the information. Late on November 18, an MMC cardiologist moved patient files from the Alpena cardiology office without adequate authorization. The files were placed in the cardiologist’s vehicle in a storage container...

PHI of almost 7,000 Patients Exposed in Two Separate Breaches
Dec19

A binder holding a log of presurgical insurance authorizations was accidentally recycled by a cleaning company contracted by NYU Langone Health System in October. The binder was holding records referring to around 2,000 patients. The binder had saved information including names, birth dates, dates of service, current procedural terminology code, diagnosis codes, insurer names, and insurance ID credentials. In some instances, short...

5,000 Patients’ PHI exposed in Two Separate Breaches
Dec18

Separate breaches of patients’ protected health information have been exposed at Midland Memorial Hospital in Midland, TX, and Washington Health System Greene in Waynesburg, PA. The Washington Health System Greene organization is contacting 4,145 patients to advise them that some of their protected health information has been exposed after a hard drive could not be found at their premises. An external hard drive used with a bone...

UNC Health Care Breach Potentially Impacts 24,000 Patients
Dec17

A computer device belonging to UNC Dermatology & Skin Cancer Center in Chapel Hill, NC, has been stolen in a burglary, possibly exposing the protected health information of up to 24,000 patients of the clinic. Thieves removed the computer from the premises on October 8, 2017. UNC Health Care said the stolen computer contained a database on  that gathered the protected health information of patients who had previously been treated...

18,500 Patients’ PHI Exposed After Multiple Email Accounts Were Compromised
Dec14

The Detroit-based Henry Ford Health System has issued notifications to almost 18,500 patients that some of their PHI has potentially been seen by an unauthorized person. The PHI breach was discovered on October 3, 2017 when unauthorized access to the email accounts of several members of staff was detected. While protected health information was possibly accessed or stolen, the health system’s EHR system was not accessed at any point....

Accessing Medical Records Without Authorization Leads to Hospital Employee Being Sacked
Dec13

The medical histories of 769 patients at Lowell General Hospital have been accessed by a member of staff without any valid work reason. By accessing the medical records, the member of staff breached the Massachusetts-based hospital’s policies and violated the privacy of hospital patients. Once the breach was discovered and the subsequent investigation completed, the employee was fired. Lowell General Hospital was content that only...

Healthcare Worker Stole PHI of 28,000 Health Care Services Patients
Dec12

Private documents holding the PHI of patients have been stolen by a former employee of the Center for Health Care Services (CHCS) in San Antonio, a provider of mental health treatment and support services for patients with intellectual and developmental disabilities. Notifications of the breach have been sent to 28,434 patients who received care at CHCS before the summer of 2016. The breach of PHI was only found on November 7, 2017,...

Pennsylvania Obs/Gyn Clinic PHI Breached Due to Improper Disposal
Dec11

Paper files from Women’s Health Consultants, an obstetrics and gynecology practice that had centers in South Whitehall Township and Hanover Township, PA, have been dumped at a recycling center in Allentown, Pennsylvania. The files – containing names, Social Security numbers, and medical histories, including details of cancer diagnoses and sexually transmitted diseases – seem to have come from the firm which is no longer...

PHI Breach at UAB Medicine Leaves 652 Potentially Exposed

In Birmingham, Alabama, the UAB Medicine Viral Hepatitis Clinic has discovered a breach of patients’ protected health information (PHI) that could have affected up to 652 patients. The group, UAB Medicine, uses flash drives to transfer information from its Fibroscan machine to a computer. Two flash drives were discovered as missing on October 25, 2017. The portable storage devices were used to hold a limited amount of PHI...

Personal Information of New York Pharmacy Customers Exposed in Improper Disposal Incident
Dec06

A security breach, involving the improper disposal of a device used to capture customers’ signatures, has been encountered by ShopRite Supermarkets, Inc. The device in question was used at the ShopRite, Kingston, NY location between 2005 and 2015 and stored personal and medical data. Customers who attended the pharmacy and had prescriptions supplied between 2005 and 2015 have potentially been impacted by the exposure. For those...

Extortion Attempt on Sports Medicine Provider Exposes Private Data of 7,000 Individuals
Dec05

Sports Medicine & Rehabilitation Therapy (SMART), based in Massachusetts, has contacted 7,000 clients regarding a breach of their protected private health information that occurred in September 2017. Potentially, the breach impacted all clients whose data was saved during a visit to a SMART outlet prior to December 31, 2016. Hackers, in an extortion attempt, accessed SMART systems, allegedly stole private information, and asked...

Multiple Breaches Lead to $2m Fine for Cottage Health
Dec04

Cottage Health, the Santa Barbara-based healthcare provider, will pay $2 million to resolve multiple violations of state and federal laws as per a directive from the California attorney general’s office. The group was examined by the California attorney general’s office in relation to a breach of private patient data back in 2013. The breach of data was found by the organization on December 2, 2013, when someone made the healthcare...

Rocky Mountain Health Care Services has Second Unencrypted Laptop Stolen
Nov30

An unencrypted laptop has been stolen from an employee of Rocky Mountain Health Care Services of Colorado Springs. This is the second such incident to be identified in just three months. The most recent incident was identified on September 28. The laptop computer was found to store the protected health information of a small number of patients. The types of data stored on the device included first and last names, addresses,...

Medical College of Wisconsin Phishing Attack Affects 9,500 Patients
Nov29

The exposure of approximately 9,500 patients’ protected health information at the Medical College of Wisconsin has been caused by a phishing attack. The attackers were able to gain access to several staff members’ email accounts, which included a variety of sensitive information of patients and some faculty employees. The types of data in the accessed email accounts included names, addresses, medical record numbers, dates of birth,...

Clinic Worker Who Stole PHI Jailed for Five Years
Nov27

A staff member at a clinic who stole the protected health information of mentally ill patients and sold the data to identity thieves for profit has failed in an appeal to get a five-year jail term lessened. Jean Baptiste Alvarez, aged 43, of Aldan, PA, obtained daily census sheets from the Kirkbride Center, a 267-bed behavioral health care facility located in Philadelphia. The census sheets included all the information required to steal...

Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI
Nov23

A network of hospitals and medical centers in Williamsport, Wellsboro and Muncy in Pennsylvania, called UPMC Susquehanna, has revealed that the protected health information of 1,200 patients has possibly been accessed by unauthorized people. Access to patient information is thought to have been obtained after a worker replied to a phishing email. While information regarding the breach date has not been published, UPMC Susquehanna...

Blue Cross and Blue Shield of Florida Breach Impacts Almost 1,000 People
Nov22

Blue Cross and Blue Shield of Florida, dba Florida Blue, has announced to the public that the personally identifiable information of a small number of insurance applicants has been improperly accessed online. Florida Blue discovered the exposure of patient data in late August 2017 and immediately initiated a review. Florida Blue reports that the review showed that 475 insurance applications had been saved to the cloud by an unaffiliated...

Protenus November Breach Barometer Highlights Internal Breaches
Nov21

Following an unusually bad September, healthcare data breach incidents fell to more typical levels, with 37 breaches tracked in October according to the November 2017 Healthcare Breach Barometer Report from Protenus. The Protenus monthly summary of healthcare data breaches collates incidents reported to the Department of Health and Human Services’ Office for Civil Rights (OCR), and incidents made public using media outlets and tracked...

New Jersey Medical Practice has Boxes of Medical Records Stolen
Nov21

Otolaryngology Associates of Central Jersey is making contact with patients to advise them of a breach of their protected health information, following a theft at an off-site storage service in East Brunswick, NJ. The thieves removed thirteen boxes of paper medical records from the service, which included data like names, addresses, health insurance account numbers, birth dates, dates of military duty served, and the names of treating...

Contacts Stolen and Spear Phishing Emails Sent by Ursnif Trojan
Nov17

The financial sector banking Trojan Ursnif, one of the most commonly experienced banking Trojans, has previously been used to attack banking institutions. However, it seems the individuals behind the malware have expanded their horizons, with cyberattacks now being carried out on a wide variety of groups across many different sectors, including healthcare. The new strain of the Ursnif Trojan was found by researchers at security firm...

CyberAttack Infection Found by Catholic Charities of the Diocese of Albany
Nov10

The Catholic Charities of the Diocese of Albany (CCDA) was performing an upgrade of its computer security software during August when it found malware on its systems. The software was discovered to have been placed on one of the computer servers located at its Glens Falls office, which provided treatment to patients based in Saratoga, Warren and Washington Counties in New York. Quick action was taken to block access to the...

Ransomware Attack Affects 8,750 Patients According to Aging Agency
Nov09

East Central Kansas Area Agency on Aging (ECKAAA), an Ottawa-based body, has reported that a ransomware attack, resulting in the encryption of files on one of the agency’s servers, has exposed files containing the protected health information (PHI) of approximately 8,750 patients. The cyberattack happened on September 5, 2017 and was immediately located by ECKAAA, which took swift moves to limit the spread of the infection. Due to...

NY AG Brings in Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)
Nov08

Aiming to protect New Yorkers from unwelcome breaches of their personal information, the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) has been introduced into the legislature in New York by Attorney General Eric T. Schneiderman. It is hoped that this Act will ensure that those affected will be notified when such breaches are incurred. Sponsored by Senator David Carlucci (D-Clarkstown) and Assembly member Brian...

Breach of PHI at Texas Children’s Health Plan After Staff Member Sent Emails to Personal Account
Nov07

A breach of HIPAA has occurred at the Texas Children’s Health Plan after it was found that the protected health information (PHI) of 932 clients had been emailed to the personal email account of a former member of staff. The privacy violation was first seen on September 21, 2017, although it was discovered that the former member of staff emailed the private data in November and December 2016. The emails...

New Variant of WannaCry Ransomware Detected in FirstHealth CyberAttack
Nov03

A new variant of the WannaCry ransomware has been detected in a cyberattack on FirstHealth of the Carolinas, a Pinehurst, SC-based not-for-profit health provider. WannaCry ransomware came to global attention in cyberattacks in May 2017. In excess of 230,000 computers were infected within one day of the worldwide attacks starting. The ransomware variant had wormlike features and was capable of spreading quickly and affecting all...

PHI of 8,000 Possibly Exposed Following Office Break-In
Nov02

An office break-in and subsequent theft of a desktop computer has led to the possible exposure of the protected health information (PHI) of up to 8,000 clients of Brevard Physician Associates. The break-in happened on Labor Day, September 4, 2017, when Brevard Physician Associates’ business premises were closed. Thieves gained access to the offices early that morning and illegally...

Consolidated Inc. Data Breach Impacts 21,856 People
Oct29

Nebraska-based CBS Consolidated Inc., operating as Cornerstone Business & Management Solutions, completed a routine audit of system logs on July 10, 2017 and found an unfamiliar account on the server. Closer inspection of that account showed it was being used to download sensitive data from the server, including the protected health information of patients that used its medical supplies. 21,856 people who received durable medical...

3,725 Veterans Have Their PHI Exposed Due to Missing Laptop
Oct27

A laptop computer, no longer in use, owned by the Mann-Grandstaff VA Medical Center (MGVAMC) in Spokane, WA, has gone missing, potentially leading to the exposure of sensitive patient data. The laptop was linked to a hematology analyzer and held data related to hematology tests. The laptop was in operation between April 2013 and May 2016, but was put out of use when the device became unusable. The laptop, which had been purchased from...

Data Breaches Drop For Second Consecutive Month
Oct26

The latest report of the Breach Barometer from Protenus/Databreaches.net Healthcare shows that data violations have dropped for the second consecutive month, according to . In August, there were 33 reported healthcare data violations, down from 36 incidents in July and 56 in June. While the drop in the number of data breaches is encouraging, that is still more than one healthcare data breach per day. While it was the second best month...

Multiple Security Weaknesses in Alabama’s Medicaid Management Information System Identified by OIG
Oct24

The HHS’ Office of Inspector General (OIG) has completed an audit of Alabama’s Medicaid data and information systems to determine whether the state was in compliance with federal regulations. The review included the Medicaid Management Information System (MMIS) and associated policies and processes. OIG also carried out a vulnerability scan on networked devices, databases, websites, and servers to identify vulnerabilities that could...

PHI of 10,500 Patients Found in Illinois Basement
Oct18

The medical histories of more than 10,000 patients have been discovered in a basement in Aurora, Illinois. The documentation was located by the woman renting the house from Naperville-based psychiatrist Dr. Riaz Baber, M.D. The files had been stored in the basement for at least 4 years. The female tenant, Barbara Jarvis-Neavins, claims that she was given access to the basement by the psychiatrist’s wife when workmen...

51,000 Plan Subscribers Hit by Network Health Phishing Attack
Oct16

Network Health has advised 51,232 of its plan subscribers that some of their protected health information (PHI) has possibly been accessed by unauthorized people. In August 2017, some Network Health Wisconsin-based employees received sophisticated phishing emails. Two of those staff members responded to the scam email and divulged their login credentials to the attackers, who used the details to gain access to their private email...

Hacking Group ‘The Dark Overlord’ Attacks Another Healthcare Organization
Oct09

After a seemingly prolonged period of inactivity, the hacking group TheDarkOverlord has revealed another attack on a U.S. healthcare supplier, Mass-based SMART Physical Therapy (SMART PT). The hack reportedly happened on September 13, 2017, with the announcement of the data theft released by TDO on Twitter on Friday 22, 2017.  No details were given as to how access to the data was gained, although it was revealed to databreaches.net...

Catholic Charities of the Diocese of Albany Discovers Long-Term Malware Infection
Oct09

Catholic Charities of the Diocese of Albany (CCDA) has discovered, during a software upgrade in August 2017, that malware was installed on one of the computer servers used by its Glens Falls premises, which provides services in Saratoga, Warren and Washington Counties in New York. A quick response was taken to block access to the server and CCDA called in a computer security firm to carry out an investigation into the unauthorized...

128,000 Arkansas Patients Attacked by Ransomware
Oct05

128,000 patients at the Arkansas Oral Facial Surgery Center in Fayetteville have had their private information potentially impacted following a ransomware attack. Ransomware was believed to have been placed on its network between July 25 and 26, 2017. The attack was identified quickly, although not before files, x-ray images, and documents had been encrypted. The incident did not break through the encryption of its patient database, except...

Medical Records Illegally Accessed at PeaceHealth Over Six-Year Period
Oct04

It has been discovered that the medical records of almost 2,000 patients were illegally accessed by a former employee at PeaceHealth, a not-for-profit Catholic health system based in Vancouver, WA. The unauthorized access was identified by PeaceHealth on August 9, 2017, leading to an investigation. PeaceHealth found the inappropriate access started in November 2011 and went on until July 2017. The inquiry revealed that Social...

Ransomware and Phishing Rated Top Threats by IT Professionals
Oct03

A recent survey by Cyren, conducted by Osterman Research, has revealed the biggest concerns of IT professionals are ransomware and phishing. When asked about their biggest security concerns, 62% said ransomware, 61% said phishing, and 54% said data breaches. The survey also showed that investment in cyber defenses has increased, yet for many firms, even further investment in security solutions has failed to prevent data breaches. It...

1,140 Patients Have Private Data Violated at Our Lady of the Angels Hospital
Oct03

An investigation has shown that a former member of staff obtained the medical records of 1,140 patients without authorization at Our Lady of the Angels Hospital. The former staff member had been granted access to the protected health information in order to conduct work duties; however, hospital staff found that the employee was accessing medical records without any acceptable work reason for doing so. The unauthorized access was found...

Mercy Health Love County Hospital Breach Might have Exposed Records of 13,000 Patients
Oct02

The personal data of more than 13,000 patients at Mercy Health Love County Hospital in Oklahoma may have been breached. On June 23, 2017, the hospital found that an employee had stolen a laptop computer and paper records from a storage unit which was owned by the hospital. The breach notice broadcast by Mercy Health revealed that the records of 10 patients were taken from the device along with the laptop. The theft of PHI was first...


Hurricane Maria Disaster Zone: Partial HIPAA Privacy Rule Waiver Issued by HHS

A third HIPAA waiver has been issued by the U.S. Department of Health and Human Services, following two earlier partial waivers of HIPAA sanctions and penalties applied in areas affected by hurricanes earlier in 2017. On this occasion the waiver is in relation to the Hurricane Maria disaster zone in Puerto Rico and the U.S. Virgin Islands. As with the waivers issued in relation to Hurricane Harvey and Hurricane Irma, the waiver...

Equifax Announces Second Data Breach Occurred Five Months Ago
Sep19

The Equifax data breach that exposed the records of 143 million consumers was not the only data breach the firm experienced this year. Equifax has said a second, earlier breach was discovered in March. A statement released by the credit monitoring agency says the two attacks were unrelated; however, Bloomberg reports that one person close to the investigation suggested both attacks were performed by the same individuals. It may be that...

Piriform Alerts Users That CCleaner Contained Malware
Sep19

Piriform’s CCleaner, a free PC cleaning app with 130 million users around the world, has been discovered to contain malware. Researchers at Cisco Talos recently announced that CCleaner contains a backdoor that was inserted by hackers. The backdoor was present in two versions of the application – the 32-bit version of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. The backdoor was inserted into those versions at least a month before...

Beware of Equifax Data Breach Phishing Scams
Sep14

Consumers are being warned to be on high alert for Equifax data breach phishing scams, telephone and text message scams, and fraudulent use of their sensitive information. Almost Half of All Americans Impacted by Equifax Data Breach The massive Equifax data breach has resulted in the personal information of almost half of the population of the United States being stolen. More than 143 million Americans have been impacted by the...

Equifax Data Breach Affects 143 Million Consumers
Sep10

A massive Equifax data breach has resulted in the exposure, and possible theft, of 143 million Americans’ records, including highly sensitive data such as Social Security numbers. To put that figure into perspective, that’s virtually half the population of the United States. Hackers gained access to a website database via an unpatched vulnerability in a web application. Security experts are suggesting the vulnerability was in Apache...

Kaleida Health Suffers Second Phishing Attack in Space of 2 Months
Sep01

Kaleida Health has announced an employee has fallen for a phishing scam that resulted in the protected health information of 744 patients being exposed, and potentially obtained by an unauthorized individual. The phishing attack occurred on June 26, 2017 and resulted in access being gained to the employee’s email account. The email account contained a range of protected health information including names, medical record numbers,...

City of Hope Phishing Attack Impacts 3,400 Patients
Aug14

A recent City of Hope phishing attack has potentially resulted in the PHI of 3,400 patients being accessed by cybercriminals. City of Hope employees were sent phishing emails on May 31 and June 2, 2017. Four employees responded to the emails and disclosed their email credentials to the attackers. Four email accounts were accessed by the attackers. While the email accounts contained sensitive information, City of Hope officials do not...

Mid-Year Healthcare Data Breach Report Shows Insiders Pose the Biggest Data Breach Risk
Aug03

Protenus has released its mid-year healthcare data breach report. The Breach Barometer reports chart the data breaches experienced by healthcare organizations each month and include data from the Office for Civil Rights and other verified sources. The mid-year data breach report is a summary of all breaches reported between January and June 2017. The mid-year healthcare data breach report shows that while the number of data breaches...

2,789 Patients’ PHI Compromised in Phishing Attack
Aug02

Kaleida Health has announced that a phishing attack has resulted in an email account being compromised, and along with it, the protected health information of 2,789 of its patients. Kaleida Health became aware of the incident on May 24, 2017, and called on a computer forensics firm to assess which patients have been affected and the extent to which its systems had been compromised. The firm determined the attack was limited to one...

Anthem Inc Announces 18,580 Record Data Breach
Jul31

Anthem Inc. has recently settled a class-action lawsuit filed by the victims of its 2015 data breach that saw 78.8 million health insurance records stolen by hackers. The insurer settled the case for $118 million. A month after the settlement was announced, the company has confirmed its plan members have been affected by another data breach. This time the insurance records of 18,580 individuals have been exposed. The breach occurred...

ITRC Report Shows Hacking Continues to be the Main Cause of Data Breaches
Jul21

The main cause of data breaches in the United States is still hacking, according to a new report released by the Identity Theft Resource Center (ITRC). The report also shows that in the year to June 30, 2017, U.S. data breaches have hit a record high, with 791 confirmed data breaches reported. The data breach count has increased by 29% since the report was issued last year, with ITRC expecting the data breaches to reach 1,500 by the end...

Ransomware Investigation Uncovered 15-Month Data Breach
Jul20

When Peachtree Neurological Clinic was attacked with ransomware all was not lost as data were recoverable from backups; however, the ransomware investigation revealed something far worse. Its systems had been breached 15 months previously. The ransomware incident resulted in the encryption of the provider’s electronic medical records. A ransom demand was issued. Payment was required in exchange for the keys to unlock the encryption....

UK Hospital Cybersecurity Funding to Increase by £21 Million
Jul16

Hospital cybersecurity funding has been increased in the UK in the wake of the recent WannaCry ransomware attacks that crippled parts of the NHS. Health Secretary Jeremy Hunt has pledged a further £21 million ($27 million) will be made available to 27 major trauma centers in the UK to improve their cybersecurity protections. The additional hospital cybersecurity funding is intended to make it harder for hospitals to be attacked with...

$115 Million Anthem Data Breach Settlement Agreed
Jun27

A $115 million Anthem data breach settlement has been agreed in the consolidated data breach case filed on behalf of the 78.8 million victims of the firm’s 2015 data breach. If the Anthem data breach settlement is approved by the judge presiding over the case it will be a record-breaker: the largest data breach settlement ever reached. That said, the amount each victim will receive will be low. Lawyers will take one third of the...

Healthcare Data Breach Resolution Costs Fall
Jun26

Healthcare data breach resolution costs are still higher than all other industries, but the latest Ponemon Institute/IBM Security study has shown that for the first time ever, those costs have fallen year-over-year. For seven years, Ponemon/IBM have been conducting their cost of a data breach study, and each year the costs of resolving data breaches has risen. However, this year, average breach resolution costs fell by around 10%. The...

Southern Oregon University Phishing Attack Results in Theft of $1.9 Million
Jun15

A Southern Oregon University phishing attack has resulted in the theft of $1.9 million from the university’s accounts, arguably the worst phishing attack of the year to date. While the Southern Oregon University phishing attack stands out due to the amount of money obtained by the attackers, it is sadly just one of a large number of attacks that have affected U.S. organizations this year. The scam is known as Business Email Compromise...

Patient Portal Security Flaw Exposed Data of Molina Healthcare Patients
May31

A patient portal security flaw has resulted in the exposure of patient claims information. Claims information had been uploaded to the patient portal of the Long Beach, California-based managed care company Molina Healthcare; however, the information was accessible without any authentication checks. Patients who had been sent a link to their claims could click those links without any checks being performed to ensure they were the...

Children’s Mercy Hospital Alerts 5,500 Patients to a Potential PHI Breach
May31

Children’s Mercy Hospital in Kansas City has started notifying more than 5,500 patients that some of their electronic protected health information has been exposed online. Personally identifiable information and protected health information were discovered to have been uploaded to a website set up by one of the hospital’s physicians. The website was intended to serve as an educational resource. The physician had protected the...

Healthcare Data Breach Reporting Improves; IT Security Incidents Rise
May23

The monthly Breach Barometer Report from Protenus shows healthcare data breach reporting is improving, data breaches are down, and there was a significant reduction in healthcare data breach victims in April, 2017. The Health Insurance Portability and Accountability Act (HIPAA) places a time limit on reporting healthcare data breaches to the HHS’ Office for Civil Rights (OCR) and sending breach notifications to patients. That time...

True Health Diagnostics Website Flaw Exposes Patient Records
May09

The health reports of patients of the True Health Group have been exposed online and were viewable by other patients for months – most likely years – due to a True Health Diagnostics website flaw. True Health Diagnostics is a Frisco, TX-based company that offers a wide range of testing procedures for genetic and other diseases. The company operates a web portal which patients can access to view their test results. Logging into...

March Sees Increase in Healthcare Data Breaches and Victim Count
Apr18

This year has seen healthcare data breaches remain steady for the first couple of months, although March saw the number of incidents rise and the severity of those incidents also increase. In January and February, 31 incidents occurred each month. In March, there were 39 reported incidents, according to the latest Breach Barometer healthcare data breach report from Protenus. The number of records exposed or stolen in those attacks...

Suspected Ransomware Attack Impacts Erie County Medical Center Patients
Apr12

It has been a bad month for healthcare industry ransomware attacks and malware infections. A ransomware attack on Ashland Women’s Health was confirmed this week which impacted 19,272 patients and last week an ABCD pediatrics ransomware attack impacted 55,447 patients. On Sunday, another healthcare organization discovered a ‘virus’ had arrived via email and made its way onto the network. Erie County Medical Center in Buffalo, New York...

Ashland Women’s Health Ransomware Attack Confirmed
Apr12

The ransomware attacks on healthcare providers are continuing, with one of the latest victims a small one-practitioner gynecology practice in Ashland, Kentucky. Ashland Women’s Health recently informed the Department of Health and Human Services that the attack had potentially resulted in patients’ protected health information being accessed by the attackers. Ransomware attacks are reportable to OCR unless a healthcare provider can...

Study Analyses Hospital Data Breach Risk
Apr06

A recent study published in JAMA Internal Medicine looked at the hospital data breach risk and determined which organizations are most at risk of experiencing data breaches. The researchers discovered that hospital data breach risk is positively linked with the size of the hospital. Larger hospitals are more likely to experience data breaches, as are hospitals with a strong focus on teaching. Smaller hospitals may have smaller budgets...

Ransomware Attack on ABCD Pediatrics Impacts 55,000 Patients
Apr05

The protected health information of more than 55,000 patients has potentially been compromised in a recent ransomware attack on ABCD Pediatrics. Attackers gained access to ABCD Pediatrics’ servers and Dharma ransomware was installed, resulting in the encryption of some PHI. Dharma ransomware is a variant of CrySiS ransomware. CrySiS ransomware was one of the most popular ransomware variants in 2016, although late last year ESET...

Med Center Health Data Breach Impacts 160,000 Patients
Mar24

The Federal Bureau of Investigation is investigating a major Med Center Health data breach that impacts many affiliates and around 160,000 patients. The Med Center Health data breach was not the result of hackers, instead data is believed to have been stolen by a former employee. The employee is understood to have taken a wide range of sensitive data including patients’ names, addresses, insurance details, procedure codes, billing...

Medical Records of 26 Million Healthcare Patients at Risk of Compromise
Mar21

An IT system used by around 2,700 medical practices in the United Kingdom potentially allows the medical records of patients to be accessed by unauthorized individuals. The system –  SystmOne – is one of the most popular in the United Kingdom and contains the medical records of around 26 million UK patients. While the system is secure, if practices activate ‘enhanced data sharing’ the records contained in the system can be made...

Insider Healthcare Data Breaches Soar in February
Mar20

February saw a major increase in insider healthcare data breaches, according to the latest healthcare data breach report from Protenus. The February Breach Barometer report indicates there were 31 reported healthcare data breaches in February. While the figure is on a par with January, which also saw 31 healthcare data breaches reported, there was a significant rise in insider healthcare data breaches last month. Insider incidents...

Trust in Healthcare Providers High, Despite Increased Data Breaches
Feb24

Trust in healthcare providers’ ability to keep the sensitive data of patients and health plan members secure remains high, even though the past two years have seen record numbers of healthcare data breaches reported. In 2015, more than 113 million healthcare records were exposed or stolen, and 2016 saw more healthcare data breaches discovered than in any other year since records first started being kept. According to a recent survey...

Largest Healthcare W-2 Phishing Scam of 2017: 17,000 Employees Impacted
Feb23

The largest healthcare W-2 phishing scam of the year to date has recently been reported by American Senior Communities of Indiana. While many organizations have already reported being fooled by phishing emails this tax season, this was the largest healthcare W-2 phishing scam by some distance, impacting more than 17,000 of the organization’s employees. This year has already seen 74 organizations scammed, and that number is certain to...

Maryland Ransomware Bill Makes Attacks Felonies
Feb15

A new Maryland ransomware bill has been introduced that makes extortion using unauthorized software a criminal offense. The new Maryland ransomware bill introduces stiff penalties for ransomware attacks on companies based in the state as well as attacks on individuals. Cybercriminals that use ransomware to try to extort money from victims would be fined up to $10,000 for the attack and could face up to 10 years in jail. While the...

Google Removes Ransomware App from Its Play Store
Jan26

An app in the Google Play store has been discovered to have been loaded with ransomware. Google has recently removed the ransomware app from its Play Store, although it is not known how many individuals have already been infected. The app in question is called EnergyRescue. The purpose of the app was to help users manage the use of their phone batteries. However, that was not the real purpose of the app. According to researchers at...

SEC Investigation of Yahoo Breach Launched
Jan25

The U.S. Securities and Exchange Commission will be investigating Yahoo over the two massive data breaches announced late last year. The SEC investigation of Yahoo will not be concerned with the controls put in place by the company to prevent data breaches, but whether Yahoo should have informed its investors of the breaches more quickly. In September, Yahoo announced that it had experienced a massive data breach that had impacted...

Sentara Healthcare Data Breach Investigated
Jan16

Sentara Healthcare is investigating a data breach suffered by one of its third-party vendors that resulted in patients’ protected health information being accessed by an unauthorized individual. Sentara Health was notified of a potential ePHI breach by law enforcement on November 17, 2016. An internal investigation was then immediately launched to determine the source of the breach, which led to one of its vendors. The vendor of the...

Ransomware Infection Impacting 19,000 Individuals Investigated by Highmark BCBS of Delaware
Jan15

A subcontractor of Highmark Blue Cross Blue Shield of Delaware has experienced a ransomware infection and cyberattack that has potentially compromised the personal information of approximately 19,000 beneficiaries of employer-paid health plans. The ransomware attack occurred at Highmark BCBS subcontractor Summit Reinsurance Services on August 5, 2016, although affected individuals have only just been notified of the incident. An...

ESEA Hacking Incident Results in Leaking of 1.5 Million Player Profiles
Jan09

E-Sports Entertainment Association (ESEA) has announced it has been the victim of an extortion attempt after a hacker infiltrated one of its game servers. The ESEA hacking incident resulted in the theft of 1.5 million player profiles and other user data. The hack occurred on December 27, 2016. Access was gained to an ESEA game server, data were exfiltrated, and a $100,000 ransom demand was issued by the attacker. The hacker said that...

Los Angeles Valley College Ransomware Attack: 28K Paid for Key
Jan09

A Los Angeles Valley College ransomware attack on January 6, 2017 resulted in student data being locked and 1,800 college administrators and teachers being prevented from gaining access to their computer system and essential files. Ransomware is malicious software that encrypts a wide range of file types, including databases. The data is not moved or copied, just renamed and encrypted. In order to unlock the encryption, a unique key...

Switcher Trojan Infects Wi-Fi Routers via Android Mobiles
Jan03

An incredibly dangerous new Trojan has been detected by Kaspersky Lab which is being used to attack Wi-Fi routers via Android devices. The new malware, named the Switcher Trojan, is currently only being used to attack routers in China, although Kaspersky Lab researchers warn that this new malware signals a dangerous new trend, one that could well become a global problem. The typical way that hackers gain control of Wi-Fi...

New Hampshire Hospital Data Breach Result of Human Error
Dec30

A recent New Hampshire Hospital data breach has resulted in the disclosure of the protected health information of 15,000 patients. The Department of Health and Human Services (DHHS) psychiatric hospital data breach occurred in October last year. The person responsible for the breach was identified at the time, but the incident was not deemed to be severe and the attack went unreported. In October 2015, a patient of New Hampshire...
