Newman Regional Health (NRH) is notifying more than 52,000 patients after an investigation revealed unauthorized access to a limited number of their employee e-mail accounts between January 26, 2021 and November 23, 2021. NRH is not a large hospital. According to their site, the Kansas hospital is a not-for-profit 25-bed critical access hospital, owned by…
Category: Health Data
SuperCare Health Sued After Data Breach
The gap from the disclosure of a data breach to the filing of a potential class-action lawsuit is often a matter of weeks (or less), although a lot of lawsuits are dismissed for lack of Article III standing (see a 2021 review of data breach litigation here). In March, in-home respiratory care provider SuperCare…
Patients increasingly suing hospitals over data breaches
Jeff Lagasse reports: Industries are increasingly being sued by consumers for data breaches, but the sector with the biggest litigation increase is healthcare, according to new findings from the law firm BakerHostetler. In fact, healthcare comprises 23% of lawsuits due to data breaches. The next highest after that is business and professional services at 17%,…
‘JekyllBot:5’ Vulnerabilities Allow Remote Hacking of Hospital Robots
Eduard Kovacs reports: Cybersecurity researchers specializing in healthcare IoT systems have discovered five serious vulnerabilities that can be exploited to remotely hack Aethon’s TUG autonomous mobile robots. The TUG robots are used by hundreds of hospitals in North America, Europe and Asia to transport goods, materials and clinical supplies. Their role is to give staff…
At small and rural hospitals, ransomware attacks are causing unprecedented crises
Marion Renault reports: At 12:08 p.m. on a Monday, a Sky Lakes Medical Center employee tapped an email link. Within minutes, that click cracked open the Oregon hospital’s digital infrastructure for cybercriminals to infiltrate. By the time IT staff started looking into it, “everything was being encrypted,” said John Gaede, director of information services. On…
Update to Christie Clinics breach disclosure
On March 25, Christie Business Holdings Company, P.C. (“Christie Clinic”) disclosed a breach. As DataBreaches.net reported the next day, the clinic reported that an unauthorized actor had gained access to one business email account between July 14, 2021 and August 19, 2021. Christie’s investigation indicated that the intent of the attacker may have been to…