The following press release concerns breaches that occurred five years ago. NEWARK – Acting Attorney General Andrew J. Bruck and the Division of Consumer Affairs today announced that two printing companies have agreed to pay $130,000 in penalties and to implement new security policies to resolve allegations they violated the New Jersey Consumer Fraud Act (CFA)…
Category: Health Data
N.L. patient, employee data stolen in health-care cyberattack
Alex Kennedy reports: Hackers stole personal information connected to both patients and employees in the Eastern Health and Labrador-Grenfell Health regions of Newfoundland and Labrador’s health-care system as part of a recent cyberattack, according to officials. The information was accessed through the province’s Meditech data repository, which includes a patient information database as well as…
Some Florida Heart Associates data appears on dark web after ransomware attack earlier this year
In July, this site noted a May, 2021 ransomware incident that significantly impacted Florida Heart Associates. In July, they notified HHS that 45,148 patients were impacted. Now this week, we learned that it was Pysa threat actors who had attacked them, and they have now dumped some of the data. Pysa’s dump is a little…
Maxim Healthcare notifies patients of breach that occurred in October, 2020
On November 4, Maxim Healthcare Group, including Maxim Healthcare Services and Maxim Healthcare Staffing (collectively “Maxim Healthcare”) issued a press release about a breach — a press release they describe as issued “out of an abundance of caution.” That sounds like they had an option not to disclose. I would think that they were required…
Two providers in Colorado and Alabama report breaches, and a benefits administrator in Georgia also reports a cyberattack
The Urology Center of Colorado (TUCC) On September 8, TUCC detected an attack that began September 7. Their investigation revealed that patients’ name and one or more of the following data elements may have been date of birth, Social Security number, address, phone number, email address, medical record number, diagnosis, treating physician, insurance provider, treatment…
Technology vendor, mental health services provider, and pain management clinic all report breaches involving protected health information
QRS On August 26, healthcare technology services company QRS, Inc. (“QRS”) discovered that an attacker had compromised a patient portal and exfiltrated some files from that client’s server. The compromise had been detected within three days of the attack. The information the threat actor may have accessed or acquired may have included, depending on the…