There are so many breach reports that it’s hard to even find all the notices and reports about them these days. These days, there are many breaches that I log in worksheets I compile for Protenus’s Breach Barometer annual report but never even post on this blog. Just today, for example, I found: a notice…
Category: Health Data
Canadian non-profit hit by malware gets help — from the threat actor
Good Shepherd Centres in Canada recently disclosed a breach involving protected health information that occurred on September, 27, 2020. On June 29, Good Shepherd posted a statement that explains that it had been the victim of an attempt to shut down its systems, but that the attacker(s) “quickly facilitated restoration after realizing that Good Shepherd…
Belden issues substitute notice for November, 2020 breach
In November, 2020, networking equipment vendor Belden revealed that they had been the victim of a cyberattack. DataBreaches.net noted it at the time, but did not realize any protected health information was involved until April, 2021, when Belden notified HHS that protected health information they maintained as part of their health plan had been potentially…
Norwegian DPA: Oslo University Hospital ordered to amend agreements
The Norwegian Data Protection Authority’s inspection of Oslo University Hospital (OUH) reveals that the hospital cannot document satisfactory control of patient data when the hospital needs laboratory services from other countries. The Data Protection Authority understands that it is important to be able to use laboratories in other countries when the hospital or other Norwegian laboratories do…
Oops: Hundreds of One Medical patients’ emails exposed
Elise Reuter reports on what, indeed, was a big OOPS! An errant email sent to hundreds of One Medical patients exposed their email addresses. Several One Medical patients took to Twitter on Wednesday night sharing screenshots of the same email that was addressed to more than 900 people. It’s possible that the email was sent in batches…
Mayo Clinic faces lawsuits over nude patient image snooping
Kristen Leigh Painter reports an update to a previously reported insider-wrongdoing breach: Mayo Clinic is facing three lawsuits from patients who say a former surgery resident, Ahmad Alsughayer, viewed hundreds of their nude photographs in electronic medical records despite having no professional reason to go into their files. Alsughayer, who is 28 and has a…