Century Specialty Script, LLC (“Century”) is a specialty pharmacy in New York. Yesterday, it disclosed a data security incident potentially impacting protected health information. According to their press release, they do not know when it happened, but one employee’s Microsoft Office365 accounts was compromised. The intruder’s access was discovered on or about July 28, and…
Category: Health Data
Nebraska Medicine was victim of cyber attack
Kevin Westhues reports: Nebraska Medicine confirmed Thursday night that it was the victim of a cyber attack. The attack caused a significant downtime for its information technology system, leading to many postponed appointments throughout the week. The entity issued a statement on Thursday that says, in part: Earlier this week Nebraska Medicine experienced a significant…
Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People
HHS has announced another big settlement and corrective action plan. This one stems from a hack of Premera Blue Cross (PBC) in 2014 that went undetected until March of 2015. DataBreaches.net had covered this incident at the time and the follow-ups that included a class action lawsuit that settled, a settlement with state attorneys general,…
Interim Report on Blackbaud Breach: 5.6 million patients and counting…
Since our first interim report, DataBreaches.net has continued to compile reports that mention patient information that was disclosed to Blackbaud and that may have been accessed or exfiltrated by ransomware threat actors in the data breach discovered in May. Despite the criminals pinky-swearing that they wouldn’t misuse the data and would destroy it all in…
OH: Stark Summit Ambulance notified patients and employees of data breach
Ohio-based Stark Summit Ambulance has disclosed a data security incident impacting employees and patients. On May 28, 2020, the firm learned of unusual activity involving one Stark Summit Ambulance employee email account. Over the next few months, as they continued investigating, they discovered more employee email accounts that had been compromised. By the end of July,…
HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individuals
A second big settlement from HHS this week (you can find the first one here). HHS’s press release concerning a case that was previously reported on this site in 2014 follows. The incident also resulted in a class action lawsuit that was settled in 2019. CHSPSC LLC, (“CHSPSC”) has agreed to pay $2,300,000 to the…