Eric Zimmer reports: Following what it calls “a recent cyber security-attack” involving “unauthorized access” to its computer systems which contained sensitive and personal customer information, LifeLabs has released an open letter to its customers, detailing the incident and outlining steps it said it has taken to prevent these types of situations in the future. The…
Category: Health Data
MI: ‘Curious’ hospital employee improperly accessed thousands of medical records
Anya van Wagtendonk reports: Private medical records that may have included Social Security numbers of more than 4,000 patients at a Grand Haven hospital were improperly accessed by a hospital employee over more than three years. Between May 2016 and Oct. 2019, a hospital employee accessed the records of 4,013 patients at the North Ottawa…
Unsecured backup devices continue to be a hot mess
After a few years of headlines blaring mega-numbers of records exposed by misconfigured RSYNC backups, we might hope that we would be seeing fewer errors by now. But it seems that RSYNC errors continue at a high rate, exposing massive amounts of data. This month, part of what I did was look at RSYNC errors…
Minnesota Blue Cross scrambles to boost cyberdefenses
Joe Carlson reports: Blue Cross Blue Shield of Minnesota is working rapidly to shore up its cybersecurity defenses after an internal whistleblower raised alarm that the state’s largest health insurer had long neglected thousands of important updates. Internal documents show that Minnesota Blue Cross allowed 200,000 vulnerabilities classified as “critical” or “severe” to linger for…
Hackensack Meridian: We paid ransom to hackers to stop hospital cyber-attack
Michael L. Diamond reports: Hackensack Meridian Health paid an undisclosed amount in ransom to stop a cyber-attack that has disrupted the hospital owner’s computer network since it began last week, the company said Friday. The Edison-based company said it had insurance to help cover the costs associated with cyber-attacks, including payment, remediation and recovery efforts….
On the notification warpath, Friday edition
In 2006, I started advocating that there needs to be a law or regulation that requires businesses to have a method to receive notifications of security alerts. A number of people I respect offered explanations as to why that wasn’t a great idea. But 13 years later, I’m more convinced than ever that we need…