DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

New details emerge on Siouxland Pain Clinic breach (updated)

Posted on August 4, 2015 by Dissent

On August 1, I noted some media reports about a breach at the Siouxland Pain Clinic. As I mentioned, the reports raised more questions than they answered. Mike Bell of the Sioux City Journal now has a few more details:

Siouxland Pain Clinic sent letters Friday to more than 13,000 patients that their medical and other personal information may have been exposed in a hacking attack, a lawyer for the clinic said Monday.

“We never did prove that any information was taken, but we could not disprove that, either,” said Lonnie Braun, an attorney in Rapid City, S.D.

Braun said patients’ names, medical information, Social Security numbers and addresses may have been compromised when the clinic’s server was hacked between March 26 and April 2.

As to how the clinic learned of the breach, well, it’s still not clear who notified them. Bell reports:

The clinic was notified of the breach June 26. Braun said the firm that discovered it said the investigation showed the hackers were Chinese.

So it was an external party that alerted them to the breach on June 26? If so, the patients are lucky that the breach didn’t go undetected for even longer.

Read more on Sioux City Journal.

As of this morning, there is still no notice linked from the clinic’s home page, and the incident is not yet up on HHS’s public breach tool. Nor can I find any substitute notices, although Google is not great about indexing classifieds/legal notices, so it may have appeared in local media already.

It is somewhat surprising that the clinic is not offering patients free credit monitoring services if Social Security numbers were involved. Although not all entities do that, it seems like a good litigation defense in terms of mitigation and it’s better from a public relations perspective to do something to help patients instead of just leaving them to arrange for monitoring at their own expense.

Update: the incident was reported to HHS on July 31st by Siouxland Anesthesiology, Ltd.

Category: HackHealth DataOf NoteU.S.

Post navigation

← Miami-Dade County Brothers Sentenced to 70 Months in Prison for Identity Theft Schemes Involving Unemployment Insurance Fraud and Federal and State Tax Fraud
UK: Bodmin College website offline after it was hacked with obscenities →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.