From the Office of Information Security / HHS and the Health Sector Cybersecurity Coordination Center: Data Exfiltration Trends in Healthcare March 9, 2023
Author: Dissent
Another ransomware attack results in a HIPAA breach: Florida Medical Center
In a notice issued yesterday, Florida Medical Clinic (“FMC”) confirmed that unauthorized individuals gained access to its computer network and used ransomware to encrypt files. FMC detected suspicious activity on January 9, 2023, and the incident was fully contained within hours. FMC states they were able to “proactively isolate the exposure.” DataBreaches has sent them…
Bone & Joint Clinic reports “network disruption” caused HIPAA breach of employee and patient information
Update of March 16: This was reported to HHS as affecting 105,094 patients. Bone & Joint has not replied to DataBreaches’ inquiry as to whether this was a ransomware incident or not. The Bone & Joint Clinic in Wisconsin has notified current and former employees as well as current and former patients of a data…
UNC data leak exposes more than 1,000 Social Security numbers
WRAL reports: A data leak at the University of North Carolina at Chapel Hill has exposed more than 1,000 Social Security numbers. The university said human error played a role in tax forms that were sent to the wrong people. The leak happened in late January. It included names, addresses, Social Security numbers and tax…
3,400 death registry records accessed in Hawaii Department of Health data security breach
We do not see many breach notifications from Hawaii, but KHON made us aware of this reminder to disable access when an external employee terminates employment: HONOLULU, HI – The Hawai‘i Department of Health (DOH) will send out notification letters regarding unauthorized access to the DOH Electronic Death Registry System (EDRS), by the end of…
SEC Charges Software Company Blackbaud Inc. for Misleading Disclosures About Ransomware Attack That Impacted Charitable Donors
Washington D.C., March 9, 2023 — The Securities and Exchange Commission today announced that Blackbaud Inc., a South Carolina-based public company that provides donor data management software to non-profit organizations, agreed to pay $3 million to settle charges for making misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 customers. The SEC’s…