On November 4, Maxim Healthcare Group, including Maxim Healthcare Services and Maxim Healthcare Staffing (collectively “Maxim Healthcare”) issued a press release about a breach — a press release they describe as issued “out of an abundance of caution.” That sounds like they had an option not to disclose. I would think that they were required…
Category: Health Data
Two providers in Colorado and Alabama report breaches, and a benefits administrator in Georgia also reports a cyberattack
The Urology Center of Colorado (TUCC) On September 8, TUCC detected an attack that began September 7. Their investigation revealed that patients’ name and one or more of the following data elements may have been date of birth, Social Security number, address, phone number, email address, medical record number, diagnosis, treating physician, insurance provider, treatment…
Technology vendor, mental health services provider, and pain management clinic all report breaches involving protected health information
QRS On August 26, healthcare technology services company QRS, Inc. (“QRS”) discovered that an attacker had compromised a patient portal and exfiltrated some files from that client’s server. The compromise had been detected within three days of the attack. The information the threat actor may have accessed or acquired may have included, depending on the…
Black Shadow hackers leak medical records of 290,000 Israeli patients
The Times of Israel reports: In its second major leak in a day, the Black Shadow hacking group on Tuesday night uploaded what it said was the full database of personal information from Israel’s Machon Mor medical institute, including medical records of some 290,000 patients. The directory reportedly includes information on patients’ blood tests, treatments,…
What happened, Friday edition
It’s often quite difficult to code incidents for analysis purposes. Consider the following notification’s description of what happened, as one example: Mesa, AZ: November 3, 2021 – Baywood Medical Associates, PLC dba Desert Pain Institute (“DPI”), a health care provider specializing in pain management located in Mesa, Arizona, has become aware of a data security incident…
JEV Plastic Surgery & Medical Aesthetics notifies patients of malware incident
JEV Plastic Surgery & Medical Aesthetics in Maryland has issued a press release about a malware incident. According to their notice, an unauthorized actor accessed their systems and may have viewed or acquired certain patient information between April 30, 2021 and June 14, 2021. The types of personal and/or medical information that may have been accessible by…