SuspectFile reports: This article will cover what appears to be a triple cyberattack on the IT systems of Rocky Mountain Gastroenterology (RMG), a medical clinic specializing in gastroenterology with its main office in Lakewood, Colorado, and 26 operational locations. According to information gathered in recent weeks, the attack was carried out by three different cybercriminal groups. Initial findings suggested that RMG had been…
Category: Health Data
2nd Settlement Triggered by 2017 Ransomware Attack Costs WA Practice $100K; ‘Not a Breach’
DataBreaches recently posted a press release from HHS OCR that announced a settlement with Cascade Eye and Skin Centers following a ransomware investigation. Theresa Defino of Report on Patient Privacy (RPP) dug into the incident and investigation more, and her reporting services as a great reminder that HHS’s press releases frequently do not really answer…
Birth Choice of San Marcos to notify patients of breach at National Diagnostic Imaging
On March 16, 2024, National Diagnostic Imaging (NDI) experienced a network disruption. Their investigation subsequently revealed that they had been the victim of unauthorized access between February 19, 2024, and March 27, 2024. According to a letter from one of their clients, they notified Birth Choice of San Marcos on August 19 of the scope…
Double trouble: DoctorsToYou has not one, but two data security incidents to address
On Wednesday, the RansomHub ransomware group added a listing for DoctorsToYou in New York to their leak site. Their listing included several screencaps that revealed personally identifiable information (PII) and protected health information (PHI). Some of the files specifically showed their name or letterhead. The listing did not indicate how many GB of data RansomHub…
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
From CISA, Alert Code: AA24-290A Summary The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint Cybersecurity Advisory to warn network defenders…
Virginia Contractor Settles False Claims Act Liability for Failing to Secure Medicare Beneficiary Data
Here’s today’s reminder that it’s not just HHS OCR that entities need to be concerned about in terms of enforcement of data security requirements for health data. ASRC Federal Data Solutions LLC (AFDS), headquartered in Reston, Virginia, has agreed to resolve False Claims Act allegations in connection with a government contract related to its storage…