The following is Castro Valley Health’s notification. It sounds like they may have learned about this years-long exposure incident from HHS/OCR after someone notified HHS. The incident is not yet on HHS’s public breach tool. June 5 — Castro Valley Health, Inc. has become aware of a data security incident that may have involved some personal…
Category: Health Data
University of Utah patients notified after phishing incident compromised employee email accounts
David Wells reports: Some of University of Utah Health’s patients are receiving notice that their private information may have been compromised in a recent email security breach. According to U of U Health, some of its employees’ email accounts were compromised in phishing schemes, resulting in unauthorized access of those accounts between April 6 and…
Two Data Breaches Hit Kentucky Employees’ Health Plan
Sarah Michels reports: Nearly a thousand members of Kentucky Employees’ Health Plan (KEHP) were victims of a data breach that took place in late April and mid-May, according to a statement released by the Commonwealth of Kentucky Personnel Cabinet on June 2. During the first attack, from April 21 to 27, 971 KEHP members accounts…
Data Breach Lawsuit Filed Against Aveanna Healthcare
Marianne Kolbasuk McGee reports that Aveanna Healthcare has been sued over a July, 2019 breach that it discovered in August, 2019. The breach was disclosed in February of 2020 as potentially impacting more than 166,000 patients. The incident was one of all-too-many incidents where threat actors gained access to a number of employees’ email accounts,…
Indiana covered entities discover that their documents storage and secure destruction vendor dumped records improperly
I know the arguments against holding covered entities for auditing and monitoring their business associates periodically for compliance with any contracts, but when you don’t hold covered entities really accountable for checking that their vendors or business associates are living up to their contracts, stuff like this happens. And it can go on for years….
Canadian hospitals ‘overwhelmed’ by cyberattacks fuelled by booming black market
CBC News reports: Canada’s health system is under siege from unrelenting cybercriminals trying to access patient information and other data, according to health-care professionals and cybersecurity experts who say hospitals and clinics are unable to cope with the growing threats. The problem has become so big that some are calling for Ottawa to impose national cybersecurity standards on…