Bernise Carolino reports that there is a settlement in a lawsuit against CarePartners in Canada. The proposed class-action lawsuit stemmed from a breach in 2018 that DataBreaches.net investigated and covered on this site. The firms of Howie, Sacks & Henry LLP (HSH), Waddell Phillips PC and Schneider Law Firm represented the plaintiffs, Arthur Redublo and…
Category: Health Data
Vendors and HIPAA
Matt Fisher of Carium writes: An important part of establishing strong security for an organization rests with how it interacts with its vendors. The creation of a chain of entities creating, interacting with, storing, or otherwise handling sensitive patient information starts at the top, but can easily and frequently go down many layers. Given the…
Quest’s ReproSource faces patient lawsuit over data breach impacting 350K patients
Jessica Davis reports: One month after notifying 350,000 patients of a potential theft of their protected health information, ReproSource Fertility Diagnostics has been sued by a patient over alleged security failings. ReproSource is a clinical laboratory for fertility specialists and a subsidiary of Quest Diagnostics. First disclosed Oct. 8, an attacker hacked into the ReproSource network in…
Medsurant Health discloses ransomware incident, but not yet notifying patients
Medsurant Health in Pennsylvania recently notified HHS that 45,000 patients were impacted by a breach. The patients are not yet being notified, however, because it seems Medsurant is still trying to figure out who needs to be notified. In a statement published November 29, Medsurant stated that they received an email from a threat actor…
DNA Diagnostics Center notifying more than 2 million people who used a national genetic testing service
People who had their personal information collected by a national genetic testing organization between 2004 and 2012 may have never known that their information was acquired by DNA Diagnostics Center (DDC) in Ohio in 2012. They may find out now, though, as DDC fell prey to a cyberattack in May and data was exfiltrated over…
Seventh months after initial discovery, Broward Public Schools discloses Conti attack also impacted employees’ health insurance data
In March, 2021, Broward County Public Schools disclosed a breach that captured the public’s attention when Conti threat actors subsequently released a copy of their negotiation chat logs. When negotiations failed to result in an agreement, the threat actors dumped nearly 26,000 files on their dark web and clearnet leak sites. Now, seven months after…