Naomi Diaz reports: The Centers for Medicare & Medicaid Services is warning healthcare providers and suppliers about a new fraud scheme involving fake faxed requests for medical records. According to a June 26 alert posted on CMS’ website, scammers are impersonating CMS and sending phishing faxes that falsely claim to be part of a Medicare audit. The…
Category: Health Data
Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
Jim Ruble writes: In January 2021, a nationwide mail-order pharmacy located in Massachusetts experienced a data breach. The pharmacy discovered the breach in May 2021 and investigated to determine its scope. Personally identifiable information (PII), including names and Social Security numbers for more than 75,000 customers, was breached. In February 2022, 9 months after the…
Patient death at London hospital linked to cyber attack on NHS
Rebecca Whittaker reports: The death of a patient has been linked to a cyber-attack on the NHS last year. Cyber criminals attacked two major NHS trusts causing more than 1,000 cancer treatment delays, 2,000 outpatient appointments to be cancelled and more than 1,000 operations postponed. King’s College Hospital NHS Foundation Trust said on Wednesday; a patient died during the cyber…
From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
More great reporting and analysis by Therese Defino of the Health Care Compliance Association (HCCA): A single incident that may have started as a personal vendetta or an extortion threat seven years ago has cost a Florida health care system $800,000, and comes on the heels of an unrelated breach suffered by a different hospital…
Marquette County Medical Care Facility discloses data breach
Marquette County Medical Care Facility (MCMCF) has issued a statement about a breach they discovered in March 2025. On March 3, 2025, MCMCF became aware of the business email compromise incident when contacts of MCMCF’s Human Resources director began receiving phishing emails from her Microsoft Office 365 (O365) account. The types of information involved included…
McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
On August 5, 2024, McLaren Healthcare became aware of suspicious activity affecting McLaren Health Care and Karmanos Cancer Institute computer systems. In an early statement about the incident, McLaren indicated that the attack affected IT systems across its 13 hospitals, cancer treatment centers, surgery centers, and clinics. In an August 12 update, McLaren reported that…