Monongalia Health System in West Virginia issued a press release this week about a data breach that impacted patients, employees, and contractors. It was the second incident reported by them in a one-year period. But was this incident unrelated to the first incident or related to it? It’s not yet clear, let’s back up to…
Category: Health Data
Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
I’ve occasionally seen evidence that one victim was hit by more than one group or threat actor, but Sophos provides the most detailed reporting I’ve ever seen on one such incident. Sean Gallagher takes us through the saga that impacted a healthcare provider in Canada hit by two separate ransomware groups — Karma and Conti….
JDC Healthcare Management issues second press release about malware incident last summer
On October 7, JDC Healthcare Management (Jefferson Dental Care) issued a press release concerning a malware incident discovered in August. At the time, they notified HHS that 501 patients were affected — a number that typically means “We know it’s more than 500 but we don’t have an exact count yet.” Today, they issued a…
LA: Spine Diagnostic & Pain Treatment patient files show up on ransomware site
It looks like we may need to add Spine Diagnostic & Pain Treatment to our list of medical entities hit by ransomware groups. Conti Team added the Louisiana provider to their leak site earlier today, dumping 3,351 files that they claim represent 30% of all the files they exfiltrated. Inspection of the files, which compromised…
TX: Houston Health Department working to fix website ‘glitch’ that exposed patients’ COVID test results
KTRK reports: The Houston Health Department is warning its clients after a glitch in the system exposed COVID-19 test results and their personal information. The health department said it was made aware of the potential breach on the night of Jan. 6 and the portal was deactivated within 48 hours. According to a release from…
Dr. Douglas C. Morrow, OD Notifies Patients of Data Security Incident
Look at the timeline. Was this a ransomware incident that encrypted data and made it more difficult to investigate? Why did it take so long from some of these benchmarks to notification? AUBURN, Ind., Feb. 23, 2022 /PRNewswire/ — On May 16, 2021, Dr. Douglas C. Morrow, OD (“Dr. Morrow”) experienced a data security incident that prevented users from accessing…