I’ve occasionally seen evidence that one victim was hit by more than one group or threat actor, but Sophos provides the most detailed reporting I’ve ever seen on one such incident. Sean Gallagher takes us through the saga that impacted a healthcare provider in Canada hit by two separate ransomware groups — Karma and Conti….
Category: Health Data
JDC Healthcare Management issues second press release about malware incident last summer
On October 7, JDC Healthcare Management (Jefferson Dental Care) issued a press release concerning a malware incident discovered in August. At the time, they notified HHS that 501 patients were affected — a number that typically means “We know it’s more than 500 but we don’t have an exact count yet.” Today, they issued a…
LA: Spine Diagnostic & Pain Treatment patient files show up on ransomware site
It looks like we may need to add Spine Diagnostic & Pain Treatment to our list of medical entities hit by ransomware groups. Conti Team added the Louisiana provider to their leak site earlier today, dumping 3,351 files that they claim represent 30% of all the files they exfiltrated. Inspection of the files, which compromised…
TX: Houston Health Department working to fix website ‘glitch’ that exposed patients’ COVID test results
KTRK reports: The Houston Health Department is warning its clients after a glitch in the system exposed COVID-19 test results and their personal information. The health department said it was made aware of the potential breach on the night of Jan. 6 and the portal was deactivated within 48 hours. According to a release from…
Dr. Douglas C. Morrow, OD Notifies Patients of Data Security Incident
Look at the timeline. Was this a ransomware incident that encrypted data and made it more difficult to investigate? Why did it take so long from some of these benchmarks to notification? AUBURN, Ind., Feb. 23, 2022 /PRNewswire/ — On May 16, 2021, Dr. Douglas C. Morrow, OD (“Dr. Morrow”) experienced a data security incident that prevented users from accessing…
North Shore University Hospital notifies 7,614 patients of unauthorized access to personal information
The following is not a new incident. It is just a newly disclosed incident because of a law enforcement-requested delay in disclosure. North Shore University Hospital (NSUH) issued a notice on February 1, 2022 concerning insider-wrongdoing. The notice begins: NSUH learned that a former employee who worked at a medical office may have improperly accessed…