In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 to ask whether the attackers had encrypted their files and whether they had negotiated with the threat actors. They did not reply….
Category: Health Data
Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO
Zack Whittaker reports: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication (MFA), according to the chief executive of its parent company, UnitedHealth Group (UHG). UnitedHealth CEO Andrew Witty provided the written testimony ahead of a…
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach
Note: Marco A. De Felice (aka @amvinfe) has been doing some great investigative blogging on ransomware groups and incidents. If you’re not checking his SuspectFile site regularly, you are missing out on some of his exclusive reporting. De Felice’s recent coverage of Medusa’s attack on Northeast Ohio Neighborhood Health (NEON) begins: Another significant data breach…
All London Drugs stores closed across Western Canada due to “operational issue”
CTV News reports: All 79 locations of pharmacy and retail chain London Drugs are shut down Sunday, and there is no estimate on when they will be back open. A customer service representative told CTV News “all of our systems are down” and the stores are unable to process any transactions for the time being….
FTC Finalizes Changes to the Health Breach Notification Rule
The Federal Trade Commission today announced it has finalized changes to the Health Breach Notification Rule (HBNR) that will strengthen and modernize the rule by clarifying its applicability to health apps and other similar technologies and expanding the information that covered entities must provide to consumers when notifying them of a breach of their health…
Unsecured Health Genie bucket exposed almost 450,000 files with patient data — Cybernews
It is disgraceful that there are so many huge data leaks involving sensitive personal data, and yet here we are again. Cybernews reports: Health Genie, a healthcare IT solutions provider, left an open instance, exposing patients’ personal details as well as sensitive clinical data. The India-based healthcare solutions provider left an open Amazon S3 bucket,…