There is no notice of any cyberattack on the web site of Wolfe Eye Clinic in Iowa, but the clinic has been investigating and addressing an alleged attack for more than one month now while patient care continues at their multiple locations. On April 1, threat actors known as Lorenz added the clinic to its…
Category: Health Data
UK: Edinburgh mental health clinic in probe after client information accessed in scam
James Delaney reports: An Edinburgh mental health clinic is at the centre of a probe into a data breach resulting in hundreds of client contact details being accessed as part of a phishing scam. Bosses at The Edinburgh Practice, which offers a range of psychological and psychiatric counselling, were accused of failing to properly notify patients of the…
UK: NHS vaccination website leaks people’s medical data
Joel Khalili reports: A gaping security hole has been discovered in the NHS vaccination booking website, which can be easily exploited to find out whether someone has received a jab. The problem relates to the way the website treats different users, depending on how far along they are in the vaccination process. Read more on…
WA: SEIU 775 Benefits Group notifying 140,000 about hack
On April 4, SEIU 775 Benefits Group in Washington experienced abnormal activity in their system and started investigating. Their investigation revealed that an unauthorized individual had gained access to their systems and had deleted some files with personal and protected health information in the process. There was no evidence, however, that the unauthorized individual had…
Nexelis Group responds to malware attack on systems formerly owned by Pacific Biomarker
Here’s another breach that has not been in the headlines (or at least, not yet). On November 8, 2020, Nexelis Group discovered that their system had been encrypted by malware. According to the notification letter sent to patients in April, the information was contained on the server of a company that Nexelis recently acquired, Pacific Biomarkers….
Medtronic plc notifies patients after employee’s devices accessed by unauthorized person
It hasn’t been in the headlines — at least not yet — but Medtronic, a well-known medical device company, is notifying some customers after an incident one employee’s devices may have compromised personal or patient information. According to a notification letter, on March 12, an employee’s computer, phone, and iPad were “taken and accessed for…