Alexander Martin reports: More than 11 months after a ransomware group published information from a U.K. pathology services company, the affected patients still have not been informed about what data of theirs was exposed in the incident, with material about sexually transmitted infections and cancer cases being included in the leaks. The data was compromised…
Category: Health Data
Saskatoon children’s hospital nurse unlawfully snooped on records of 314 patients: privacy report
Brandon Harder provides this morning’s reminder of the insider threat: Without legal authority, a nurse who worked at Saskatoon’s Jim Pattison Children’s Hospital snooped on the private medical records of 314 patients, according to a recent report. The report, dated April 23 and signed by Saskatchewan Information and Privacy Commissioner Ronald J. Kruzeniski, states that…
Acadian Ambulance Seeks Dismissal of Data Breach Lawsuit
Stephen Marcantel reports that Acadian Ambulance is seeking dismissal of a class-action lawsuit stemming from a ransomware attack in 2024 by Daixin Team. Acadian is claiming there is no proof that any patient has experienced any actual harm from the breach. The lawsuit, which was consolidated from 10 other class actions, claims that the July…
45 CHS hospitals were affected by the Oracle Health outage
This is reportedly all resolved by now, but on April 25, Becker’s Hospital Review reported that dozens of hospitals affiliated with Franklin, Tenn.-based Community Health Systems were experiencing IT outages after data storage linked to their Oracle Health EHRs was accidentally deleted: The hospitals have reverted to paper for patient records, with the issue expected…
Texas Health and Human Services Commission Notifies Additional Individuals Regarding Insider Wrongdoing Breach
There’s an update to an insider data breach previously announced in January 2025. Yesterday’s announcement brings the new total affected to almost 95,000 people. April 30, 2025. AUSTIN – The Texas Health and Human Services Commission is notifying an additional 33,529 recipients of agency services and other affected individuals that their protected health, personal identifying…
HHS OCR Settles HIPAA Ransomware Cybersecurity Investigation with Comprehensive Neurology, PC
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Comprehensive Neurology, PC (Comprehensive), a small New York neurology practice, concerning a potential violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The settlement resolves an OCR investigation of a ransomware…