The following is a notice from the Detroit Health Department. It is unclear whether this was an accidental breach due to error or some more intentional wrongdoing by an employee, but the notice makes no mention of disciplining any employee or referring to law enforcement. The Detroit Health Department is notifying specific individuals about a…
Category: Health Data
Wisconsin Department of Health Services notifying some Medicaid members of breach
The Wisconsin Department of Health Services (DHS) today announced that on August 8, 2022, as part of a cybersecurity incident investigation, DHS was notified that a presentation emailed to the DHS Children’s Long-Term Support Council in April 2021 contained protected health information. This presentation was forwarded to employees working for county government agencies in Rock…
Bits ‘n Pieces (Trozos y Piezas)
Gt: Update on VSOP attack on Guatemala’s foreign ministry Last week, DataBreaches reported that the Ministry of Foreign Affairs of Guatemala was a victim of a VSOP attack. The government confirmed an attack on October 5. Services have been restored: Currently, the services are working, which has allowed us to provide uninterrupted attention to all…
HC3: Abuse of Legitimate Security Tools and Health Sector Cybersecurity
HC3 has published another guidance (TLP:WHITE) for the healthcare sector. In this one, they discuss how the same tools used to operate, maintain and secure healthcare systems and networks can also be turned against their own infrastructure. The paper includes: Cobalt Strike PowerShell Mimikatz Sysinternals Anydesk Brute Ratel Access the paper on HHS.
Saskatoon gynecology clinic hit with ransomware attack: report
Rory MacLean reports: A ransomware attack on a Saskatoon obstetrics and gynecology clinic left the personal health information of up to 20,000 patients in the hands of malicious hackers, according to the province’s privacy watchdog. In a report issued in September, Privacy Commissioner Ronald Kruzeniski said the attack targeting Saskatoon Obstetric and Gynecologic Consultants resulted…
Some Tufts community members’ health insurance information compromised in vaccine clinic data breach
Emily Thompson reports: Tufts announced in a Thursday evening email to the community that its vaccine clinic provider, Pelmeds, has experienced a data breach involving images of patients’ insurance cards. The number of Tufts community members affected by the breach is still unknown. Tufts has ended its contract with the company and postponed all previously…