An article by William Maruca of FoxRothschild is headlined, “Ransomware Claims A Victim.” It discusses the case of Brookside ENT, whose doctors decided to shutter their practice and retire a year early after a ransomware attack that encrypted their patient data, billing information, scheduling information, and even their backups. In other words, the attacker successfully…
Category: Health Data
MN: Riverplace Counseling Center Notifies 11,639 Patients After Security Incident
From their notice: ANOKA, MINNESOTA – April 11, 2019 – Riverplace Counseling Center has become aware of a potential data security incident that may have resulted in the unauthorized access to personal information, including health information. Although at this time, there is no evidence of any attempted or actual misuse of anyone’s information as a…
Update on Meditab breach
On March 19, this blog linked to a TechCrunch report about an improperly secured Meditab fax server that potentially allowed fax images with patient information to be accessed from an analytics portal. The exposure had been found by SpiderSilk, a cybersecurity firm in Dubai, who estimated that 6 million images were potentially accessible. The TechCrunch…
Klaussner Furniture Notified More than 9,000 Employees and Their Dependents of a Data Security Incident Involving Health Plan Data
Another day, another press release…. ASHEBORO, N.C., April 05, 2019 (GLOBE NEWSWIRE) — Klaussner Furniture Industries, Inc. (“Klaussner”) recently became aware that a data security incident that affected its operations could also have affected the personal information of certain current and former employees, as well as some of their dependents. However, after a thorough investigation…
Centrelake Medical Group notifies patients after virus investigation reveals earlier intrusion and suspicious activity
Updated April 25: This incident was reported to HHS as impacting 197,661 patients. Original post: Here’s their press release. The release does not explain how the attacker(s) first gained access to certain servers in January. Was the infection intended to cover up the earlier activity? It’s not clear to me. Nor does the press release…
Five months after disclosing a patient PHI breach involving employee email accounts, Metrocare discloses a second, identical, breach?
On April 5, Metrocare Services in Texas notified HHS that it was notifying 5,290 clients of a breach. A notice on their web site explains: On February 6, 2019, we learned an unauthorized third party gained access into some Metrocare employees’ email accounts beginning on January 2019. We immediately took steps to secure the accounts…