Phil Muncaster reports: A healthcare technology company leaked 12 million records on patients including highly sensitive diagnoses, before the exposed cloud server was struck by the infamous “meow” attacker, researchers have revealed. A team at SafetyDetectives led by Anurag Sen discovered the leaky Elasticsearch server in late October after a routine IP address scan, although…
Category: Health Data
OCR Settles Thirteenth Investigation in HIPAA Right of Access Initiative
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces its thirteenth settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access their health records at a reasonable cost…
Update: Ransomware downed UVM Medical Center systems, but no payment made
Katie Jickling reports: University of Vermont Medical Center’s IT chief revealed Tuesday that it was a ransomware attack that downed the hospital’s online systems in October. Jickling’s article provides a helpful update from what happened to how things are going with restoration. The hit was obviously a serious one, as information on 1,300 servers was encrypted, and the…
TennCare announces privacy breach impacting 3,300 members
WKRN reports: TennCare, Gainwell Technologies LLC, and Axis Direct, Inc. announced a privacy breach impacting certain TennCare members in a joint statement on Monday. According to the statement, around 3,300 Medicaid members in the state of Tennessee have been notified of a privacy issue that may have impacted their health information. Gainwell, which runs the…
Premier Kids Care, Inc. notifies patients of attack first discovered in April
Premier Kids Care, Inc. (PKC) of Georgia provides specialized pharmacy and home clinical services for children with diabetes, endocrinological, and perinatal needs. On April 6, 2020, PKC discovered it had been targeted by a cyberattack and that an unauthorized actor had gained access to PKC systems. An investigation into the incident revealed that the unauthorized…
GenRx Pharmacy Breach Notice Shows How to Do It Right
This may be one of the best breach notifications I have ever read — for its plain language, clarity, and lack of attempt to spin. Not only did these folks respond promptly to an attack, but they had usable backups, stopped the attack quickly, and just…. handled this so well, it seems. Maybe they didn’t…