Brett Kelman reports an update to a phishing incident in September: A large Nashville-based healthcare company that was hacked earlier this year said Tuesday an internal investigation has revealed the stolen emails were intercepted before they were ever opened by the cyberattacker. Aspire Health, which offers in-home treatment in 25 states, has also abandoned its legal hunt for the…
Category: Health Data
MN: About 500 impacted in Ramsey County Social Services data breach
Bisi Onile-Ere reports: A cyber attack on the Ramsey County Social Services may have comprised hundreds of clients’ private health information. In August, hackers gained access to the accounts of 28 employees in an attempt to divert their paychecks. “At Ramsey County this is the first time that we experienced something like this,” said John…
Pagosa Springs Medical Center pays $111,400 to settle OCR charges for failing to terminate employee’s access to ePHI after employment ended
Another enforcement action by HHS/OCR was announced today. This settlement involving Upper San Juan Health Service District (d/b/a Pagosa Springs Medical Center) is not an incident that I have been able to locate on HHS’s public breach tool or in this site’s records. According to the resolution agreement, the HHS investigation was opened in 2013. No,…
Data Breach at Florida Dispensary Highlights Vulnerabilities
Lukas Barfield reports: Last week, a Florida medical cannabis dispensary took their website offline after it was found that patient information was obtainable through the site’s basic search function. Sarasota-based AltMed is a licensed Medical Marijuana Treatment Center (MMTC) that also goes by the name MÜV. AltMed responded quickly by taking their website offline after…
UK: NHS to ban fax machines from 2020
From the This-Is-A-Good-Move dept., The Independent reports: Fax machines will be banned across the NHS in a bid to improve patient safety and cyber security. The outdated technology will be phased out by 31 March 2020 under plans announced by health secretary Matt Hancock. NHS organisations will be required to use modern communication methods instead, such as secure…
Report: 30 Percent of Healthcare Databases Exposed Online
Heather Landi reports: Hackers are using the Dark Web to buy and sell personally identifiable information (PII) stolen from healthcare organizations, and exposed databases are a vulnerable attack surface for healthcare organizations, according to a new cybersecurity research report. A research report from IntSights, “Chronic [Cyber] Pain: Exposed & Misconfigured Databases in the Healthcare Industry,”…