In 2017, Dameron Hospital in Texas reported a breach to the California Attorney General’s Office. No copy of its breach notification was uploaded to California’s breach site, and Dameron did not respond to this site’s email asking for details of the breach. The incident never appeared on HHS’s public breach tool, so we never found…
Category: Health Data
Vitenas Cosmetic Surgery patient data hacked and leaked
From the We-Wish-This-Was-An-April-Fools-Joke-But-It’s-Not department: It appears that another plastic surgery entity has fallen prey to a cyberattack, and once again, a lot of sensitive patient data has been leaked. Paul Vitenas, Jr., M.D., F.A.C.S. is the founder of Vitenas Cosmetic Surgery, Mirror Mirror Beauty Boutique, and the Houston Surgery Center in Texas. On March 5, …
Oracle Health breach compromises patient data at US hospitals
Oracle Health is becoming this year’s poster child for how NOT to respond to an incident. Lawrence Abrams reports: A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. Oracle Health has not yet publicly disclosed the incident, but in private communications sent to…
Change Healthcare Seeks Dismissal of Data Breach Lawsuits Brought by Consumers and Medical Providers
Irvin Jackson reports: Change Healthcare Inc. has filed a number of motions to dismiss lawsuits brought on behalf of both individuals and healthcare providers, seeking damages for a massive data breach last year, which exposed private health information for about a third of all Americans, and disrupted the processing of medical payments for providers nationwide….
Four months after learning of a vendor’s breach, Concord Orthopaedics notifies almost 68,000 patients (1)
In November 2024, Everest Team added Concord Orthopaedics (“COPA”) to its dark web leak site (DLS) with screenshots offered as proof of claims. At the time, Everest claimed to have acquired “medical records and personal data of all patients from 2018. More than 30,000 identity documents.” On March 25, 2025, COPA mailed notifications to those…
Delete your DNA from 23andMe right now
Geoffrey A. Fowler writes: If you’re one of the 15 million people who shared your DNA with 23andMe, it’s time to delete your data. The genetic information company, best known for its saliva test kits, announced Sunday that it is headed to bankruptcy court to sell its assets. And 23andMe’s financial distress prompted California Attorney General Rob…