The attacks on the medical sector continue, although not all get a lot of media coverage. This week, DataBreaches.net noted the Alamance Skin Center ransomware breach which had left the medical entity with unrecoverable data on 100,000 patients. I get a knot in my stomach just thinking about breaches like that one. Today, DataBreaches.net notes…
Category: Health Data
Previously Convicted Former Physician Pleads Guilty To Wire Fraud, Health Care Fraud, And Aggravated Identity Theft
There’s yet another update to the troubling case of Spyros Panos, who had been charged with stealing another physician’s identity to continue on his fraudulent way after losing his medical license for other crimes. A post on this site in 2018 provides some of the background and history. On October 30, the Southern District of…
Mercy Iowa City notifies 92,795 after discovering employee’s email account compromised
It started as so many breaches do — with the compromise of an employee’s email account. From May 15 until June 24, a threat actor accessed the account and used it to send spam and phishing emails. The breach was discovered on June 24. Mercy Iowa City’s investigation, assisted by a forensics security firm, ultimately…
NC: Alamance Skin Center breach left patient data totally unrecoverable
Alamance Skin Center recently reported a HIPAA breach to HHS as being a “Loss” incident with data in EMR. But previous media coverage provided an even more dire understanding of the incident. On November 4, Triad Business Journal reported that the medical practice, part of Cone Health, had been the victim of a ransomware attack. The…
Commentary: ‘You may be hacked’ and other things doctors should tell you
Maximilian Kiener is Research Fellow in Philosophy at the University of Oxford. And while I have been blogging about the need to promptly disclose to patients when patient data has been acquired or dumped by threat actors, Kiener has been writing about the need for doctors to expand our concept of what constitutes the kind…
Correction and Update: Mount Locker team denies responsibility for Sonoma Valley Hospital attack
On November 9, DataBreaches.net published “Without Undue Delay” which catalogued health sector ransomware attacks where attackers had dumped patient data as part of an attempt to pressure their victims into paying ransom. That report was a companion to a post arguing that patients need to be notified sooner of ransomware dumps than HIPAA’s 60-day window…