DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Bits ‘n Pieces

Posted on June 26, 2021 by Dissent

Aultman Health Foundation Notifying Patients of  Insider-Wrongdoing

The Ohio foundation is notifying approximately 7,000 patients that a former employee accessed their records without business need.

HOYA Optical Labs of America Notifying Patients of Ransomware Incident

As first reported by HealthITSecurity, the Japanese-headquartered firm notified 3,259 U.S. patients of a ransomware incident. The incident occurred in March and was discovered in April. To their credit, they informed those affected that the stolen data had been published by the threat actors.

Implementing the HIPAA Security Rule: Call for Comments Extended to July 9th

The National Institute of Standards and Technology (NIST) has extended the due date to July 9, 2021, for providing comments on NIST Special Publication (SP) 800-66 Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). See the call for comments for more details and instructions for submitting comments.

Care N’ Care Insurance Company of North Carolina, Inc. d/b/a HealthTeam Advantage (“HealthTeam Advantage”) Notifies Members of Beacon Health Solutions Breach

DataBreaches.net had first noted the Beacon Health Solutions breach in a November, 2020  report after it appeared on REvil’s dedicated leak site in October. We later learned that Beacon notified HHS on December 11, 2020, but their report claimed 500 patients impacted, which seemed significantly less than what had been publicly dumped by threat actors.  In April, BHS issued a press release that this site reported and criticized for claiming that they first discovered the breach on January 29.

This week, Care N’ Care Insurance Company of North Carolina, Inc. d/b/a HealthTeam Advantage (“HealthTeam Advantage”) disclosed that they were impacted by the breach. Their notice stated, in part, “Prior to the issue being discovered, certain member information may have been compromised.”  “May have been?” Beacon Health Solutions doesn’t know for sure?

Two More Entities Disclose Impact from Elekta Breach 

Health Team Advantage wasn’t the only covered entity first disclosing this week that they had been impacted by a business associate breach months ago.  Renown Health disclosed that they had been impacted by the Elekta breach first mentioned on this site in April. The Swedish radiology software provider incident impacted a number of covered entities, and Renown Health wasn’t the only entity to issue a notification this month — Cancer Centers of Southwest Oklahoma also issued a notification.

Twin Med LLC Notifies Employees of Breach

Sometimes it’s the employees and not the patients…   Twin Med LLC in California is notifying 366 employees of unauthorized access to some of their information in its systems between September 28, 2020 and October 4, 2020.

CaptureRx Notifies More Impacted Entities and Patients, Updates Numbers Again

DataBreaches.net has continued to track reports stemming from a breach of NEC Networks LLC dba CaptureRx, a special pharmacy benefits provider. In May, CaptureRx had indicated that 1,919,938 people had been impacted. In an updated filng this week, however, they reported the number now stands at 2,420,141.

Send in the Lawyers or Regulators

Scripps Health faces four class-action suits citing ransomware records breach

Two such proceedings were filed in federal court on Monday and have been added to the two cases already in state court books since early June. Everything makes essentially the same basic claim: Scripps failed to meet its obligations to protect patient information, exposing patients to potential fallouts from personal information theft to medical fraud.

Colonial Pipeline Sued for Gas Crisis From Ransomware Attack

Colonial Pipeline Co. was sued by a gas station seeking to represent thousands more over the ransomware attack in May that paralyzed the U.S. East Coast’s flow of gasoline, diesel and jet fuel.

EZ Mart 1 LLC, a two-pump station in Wilmington, North Carolina, buys its fuel from a distributor supplied by Colonial, according to a complaint filed Monday in federal court in Georgia.

SEC Investigating Companies’ Handling of SolarWinds Attack

The SEC is seeking to determine whether public-company victims made appropriate disclosures to investors, if there was suspicious trading related to the cyberattack and whether private data was compromised.

Related posts:

  • Will Beacon Health Solutions’ incident prompt OCR to start enforcing notification “without undue delay?”
  • Beacon Health System notifies patients after phishing attack (update2)
  • Stanford researchers identify potential security hole in genomic data-sharing network
  • Connexin Software notifies parents of 2.2 million pediatric patients of hack
Category: Breach IncidentsBreach LawsCommentaries and AnalysesFederalHealth DataHIPAAU.S.

Post navigation

← Mercedes-Benz data breach exposes SSNs, credit card numbers
Bits ‘n Pieces, Part 2: Some Non-U.S. Incidents (updated) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.