Alive Hospice in Tennessee is notifying patients whose personal and protected health information were in employee emails that were accessed by an unknown person or persons beginning on December 20, 2017 and again on April 5, 2018 after two employees fell prey to phishing attacks. The attacks were discovered on May 15, 2018. Here is…
Category: Health Data
Billings Clinic employee’s email hacked during overseas travel; breach affects 8,400 people
James Woodcock reports: Billings Clinic reported a data breach Friday that affected 8,400 people. The hospital’s security systems identified unusual activity with an employee’s email account on May 14, according to a release from the organization. The account was hacked while the employee was traveling overseas. Read more on Independent Record.
TX: UMC Physicians offers identity protection to 18,000 patients after data breach
KCBD reports: UMC Physicians (UMCP) is notifying patients who may have been affected by a recent data breach. They are also providing patients, whose information may have been compromised, with information to safeguard against identity theft and fraud and are offering access to one year of credit monitoring and identity restoration services at no cost. According…
Deceased Patient Data Being Sold on Dark Web
Oren Koriat reports: … Recently, Cynerio has detected an interesting new wrinkle in the sale of stolen medical data on the dark web. Our research team found a post from a vendor on the dark web offering the medical records of the deceased. In this dark web listing, the vendor mentions that 60,000 of the stolen…
Identities of thousands of Tennesseans with HIV made vulnerable by government error
Bret Kelman reports: For nine months, the confidential data just sat there, where hundreds of employees could reach it. The identities of thousands of Tennesseans with HIV or AIDS, both living and dead, were listed in a computer database kept on a server accessible to the entire staff of the Nashville Metro Public Health Department. But…
Follow-Up: MedEvolve provides notice of leaky FTP server
On May 16, DataBreaches.net reported on a breach involving MedEvolve. The breach had been reported to this site by an independent researcher, who had found that some of MedEvolve’s clients’ patient information was exposed on a public FTP server with no login required. The MedEvolve incident was included in the May statistics compiled for Protenus’s…