BakerHostetler writes: As noted back in December 2022, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued dramatic guidance (often called the Bulletin) that targets the use of so-called Internet “tracking technologies” on the public websites of HIPAA-covered entities. Fueled by this guidance, healthcare providers have faced a dual threat…
Category: Health Data
Lawsuits Involving GoAnywhere Data Breach Consolidated at One Florida Federal Court
The ransomware gang known as Clop created massive headaches for numerous entities with attacks involving the exploitation of vulnerabilities in file transfer software. Since December 2020, the same gang exploited vulnerabilities in Accellion, Fortra’s GoAnywhere software, and Progress Software’s MOVEit software. Christopher Brown reports a litigation update in cases stemming from the GoAnywhere breach disclosed…
Ca: Hamilton’s Paramedic Service mistakenly sent patient info to wrong hospitals
Roger Collins reports: The Hamilton Paramedic Service says it has been mistakenly sending the personal information of some of its patients to the wrong hospital. Over the last four years, according to the municipal healthcare service, some paramedics have accidentally selected the incorrect hospital when submitting a patient’s records in correspondence to where they were…
Millions at risk of fraud after massive health data hack in France
Richard Henshell reports: Millions of people are at risk of fraud after a data breach at a company that manages the third-party payments for 84 top-up insurance providers. Viamedis, whose systems the third-party payments for over 20 million people, announced the data breach on February 2. Its clients include Carte Blanche Partenaires, Itelis, Kalixia and…
Atlanta Women’s Health Group notifying patients of April 2023 data breach
John Shirek reports that Atlanta Women’s Health Group just notified more than 30,000 patients about a data breach that occurred in April, 2023. As is too often the case, the incident resulted in the theft of patients’ protected health information. 11Alive reproduced part of the letter sent to patients, which says: “…while the unauthorized user…
Was BrightStar Care attacked by two different groups — or was there only one breach?
On January 24, DataBreaches was contacted by a spokesperson for AlphV (“BlackCat”) to see if this site would be interested in reporting on a breach involving BrightStar Care (“BrightStar”). BrightStar had been added to their dark web leak site that day but without any proof of claim. The spokesperson was offering to show DataBreaches data…