Michael John Lo reports: A ransomware gang is threatening to release confidential data it claims to have stolen from London Drugs if it isn’t paid $25 million by Thursday. The retailer and pharmacy chain closed all of its 79 stores in Western Canada after a cybersecurity breach was discovered on April 28. Stores, including ones…
Category: Health Data
100 Groups Urge Feds to Put UHG on Hook for Breach Notices
Marianne Kolbasuk McGee reports: More than 100 medical associations and industry groups representing tens of thousands of U.S. doctors and healthcare professionals have banded together to urge federal regulators to hold Change Healthcare responsible for breach notifications related to a massive February ransomware attack. The groups in a letter Monday asked the U.S. Department of Health and…
Superior Air-Ground Ambulance Service notifies more than 850,000 patients of cyberattack last year
Superior Air-Ground Ambulance Service, Inc. {“Superior”) has locations in five states: Illinois, Indiana, Ohio, Michigan, and Wisconsin. On May 10, they notified HHS of an incident affecting 858,238 patients. A notice on their website explains that they discovered unusual activity in their network in May 2023. “On June 23, 2023, the investigation determined that an…
Tx: CentroMed discloses a second data breach within one year (UPDATE 1)
In August 2023, El Centro Del Barrio (“CentroMed”) reported a breach that affected 350,000 patients. The incident, which had been claimed by Karakurt threat actors in June, involved patients’ names, addresses, dates of birth, Social Security numbers, financial account information, health insurance plan member IDs and claims data. A check of Karakurt’s leak site today…
HHS launches $50M security initiative to thwart hospital ransomware
Chad Van Alstin reports: The U.S. Department of Health and Human Services (HHS) is launching a $50 million incentive program to encourage hospitals to improve their cybersecurity. Dubbed the Universal Patching and Remediation for Autonomous Defense—or UPGRADE—program, the initiative aims to speed up vulnerability detection and patch deployment through the creation of a platform that…
Mosaic Mental Health notifies patients of breach
On September 25, 2023, Riverdale Mental Health d/b/a Mosaic Mental Health (“MOSAIC”) notified HHS of an incident that affected 7,281 patients. The incident was coded as a “hacking/IT incident” involving their network, but no further details were available at the time. On April 3, more than six months later, they sent out notification letters. Massachusetts…