Martin Bernstein reports (translation): The Urological Clinic Munich Planegg(UKMP) and its patients recently fell victim to a hacker attack. This emerges from an information letter that the clinic sent out to patients in early February. It is obliged to do so according to the General Data Protection Regulation. The cyber attack occurred in mid-January. The clinic management did not respond to a…
Category: Health Data
Preliminary settlement approved in 21st Century Oncology 2015 breach case
Long-time readers may remember that 21st Century Oncology had a slew of serious problems going back to 2013 including a rogue employee-related breach that they were alerted to by law enforcement, and litigation under the False Claims Act that resulted in them paying $34.7 million for billing for medically unnecessary tests. But of note, in…
mHealth Apps Expose Millions to Cyberattacks
Becky Bracken reports: Some 23 million mobile health (mHealth) application users are exposed to application programming interface (API) attacks that could expose sensitive information, according to researchers. Generally speaking, APIs are an intermediary between applications that defines how they can talk to one another and allowing them to swap information. Researcher Alissa Knight with Approov…
The Netherlands: 440,000 EUR fine for hospital for inadequate authentication and logging
Demi Rietveld and Richard van Schaik of DLA Piper write: The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, “Dutch DPA”) has published its decision to impose an administrative fine of EUR 440,000 on Amsterdam hospital OLVG due to the lack of sufficient measures to prevent access to medical records by unauthorised personnel. After complaints, the Dutch…
After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy
Graham Cluley reports: Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Read more on Hot for Security.
TX: Threat actors dump patient files from Nocona General Hospital
On February 3, Conti threat actors added Nocona General Hospital in Texas to their leak site, posting 20 files as proof that they had accessed the hospital’s files. Many of the files contained patient records from 2018, and appeared to be pdf scans or doc files. They did not appear to be records from any…