Becca Noy reports: According to cyber security researchers at ESET, the cyberattack that hit two Israeli hospitals last week was conducted by a hacker who identifies as a Palestinian. It was also discovered that the computer virus that was used in the attack is a spy tool designed to extract information. The analysis conducted by the IT…
Category: Health Data
Ohio police, fire dispatch center hacked (UPDATED)
UPDATE of July 6: Wooster’s Law Director clarified for me that the data that were compromised came from police incident reports, which includes names and social security numbers and/or driver’s license numbers. The dispatch system is not a HIPAA-covered entity. According to Ms Applebaum, this incident was not related to WannaCry and the city has “measures in…
If you have health insurance anywhere, or are a Medicare patient in Australia, your data are up for sale on the darknet
Paul Farrell reports: A darknet trader is illegally selling the Medicare patient details of any Australian on request by “exploiting a vulnerability” in a government system, raising concerns that a health agency may be seriously compromised. An investigation by Guardian Australia can reveal that a darknet vendor on a popular auction site for illegal products…
Medical billing firm exposes unencrypted protected health information
Last month, DataBreaches.net was contacted by Kromtech Security’s research team and asked to assist it in alerting a medical billing firm that they were exposing patients’ personal and protected health information on their backup server. On June 12, DataBreaches.net sent iMax Medical Billing in Ohio a message and left them a voice mail, alerting them…
So many notifications due to ransomware, but are these really necessary?
Another entity has recently notified patients whose protected health information was on a server infected with ransomware. Once again, even though investigation turned up no evidence that any patient’s PHI was actually accessed or exfiltrated, entities are notifying – on the side of caution and/or because HHS requires them to in the absence of firm…
Cove Family & Sports Medicine recovers from ransomware, but loses some data
There are different metrics for describing the impact of a breach, but one of the ones I use in my subjective system is whether patient data that might be needed for care have been lost, stolen, or corrupted. In June, there were a lot of data breaches or security incidents and many involved ransomware. One…