On July 13, DataBreaches reported that the Stormous gang claimed to have exfiltrated 600,000 patients’ records from North Country Healthcare (NCH) in Arizona. At the time they provided a small sample of records in .csv format and indicated that they were going to leak 100,000 records for free and sell the other 500,000 records. Because…
Category: Health Data
Texas Enacts Electronic Health Record Data Localization Law
Hunton Andrews Kurth writes: Texas Governor Greg Abbott recently signed into law S.B. 1188, a bill that regulates the security and storage of electronic health record data and the deployment of artificial intelligence (“AI”) in the health care context. The law creates a data localization requirement, obligating covered entities to physically maintain electronic health records in…
70% of healthcare cyberattacks result in delayed patient care, report finds
Chad Van Alstin reports: Last year, 92% of all healthcare organizations—systems, hospitals, and provider groups—were targeted by a cyberattack, according to a new report from vendor Fortified Health Security. Further, 70% of those that reported experiencing an incident said patient care was impacted in some form, signaling that even an unsuccessful data breach can result in…
Multiple lawsuits filed against Doyon Ltd over April 2024 data breach and late notification
KUAC reports: Multiple class action lawsuits recently filed in federal court claim an Interior Alaska Native Corporation failed to take reasonable steps to protect personal data from a cyberattack last year. Court filings show at least four different plaintiffs have lodged a complaint against Doyon, Ltd., in Alaska District Court since mid-June, on behalf of…
Avantic Medical Lab hacked; patient data leaked by Everest Group
On June 10, the Everest Group added a listing for Avantic Medical Lab to its leak site, accompanied by a one-week countdown clock and four screenshots containing patient information as proof of the claims. When the attack first occurred, and whether Everest had contacted Avantic before June 10, is unknown to DataBreaches, but on June…
Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
HHS added ten listings to its public leak site today, all of which are part of the Integrated Oncology Network (“ION”). See updates to 22 listings. According to its substitute notice, on May 9, ION concluded an investigation of a phishing incident that occurred between December 13 and December 16, 2024. The incident resulted in…