On October 13, AlphV threat actors added Morrison Community Hospital to their dark web leak site. Within hours, it appeared to have been removed. Today, it was re-listed with this commentary by AlphV: HUGE LEAK COMING! SQL + DATA = 5TB Given that we haven’t received a clear response from MCH representatives, we’ve decided to…
Category: Health Data
Personal Touch Holding settles NY Attorney General’s lawsuit stemming from 2021 ransomware incident: will pay $350k, improve security
From a press release from the NYS Attorney General’s Office today: New York Attorney General Letitia James today secured $350,000 from a Long Island-based home health care company, Personal Touch Holding Corporation (Personal Touch), for failing to protect vulnerable New Yorkers’ personal information and health care data. Personal Touch’s poor data security made it vulnerable to…
Inmediata settles multi-state litigation for $1.14 million; will improve data security and breach notification practices
Indiana Attorney General Rokita led a coalition of 33 attorneys general in a multi-state investigation and litigation against health care clearinghouse Imnediata stemming from a breach disclosed in 2019. Background In January 2019, HHS OCR alerted Inmediata that protected health information (PHI) maintained by Inmediata was available online and had been indexed by search engines….
Cook County Health and Hospitals System terminates relationship with medical transcription service, notifying patients of breach
On September 24, Cook County Health and Hospitals System (CCH) in Illinois notified HHS of a breach. At the time, CCH reported that 500 patients were affected. The “500” entry is usually just a marker to indicate that the entity knows that they were required to notify HHS and individuals no later than 60 days…
How Vermont’s largest hospital now protects patient info 3 years after ransomware attack
Cam Smith reports: Nearly three years after Vermont’s largest hospital fell victim to a ransomware attack, hospital officials say they’ve made progress toward better systems to protect patient information. During the breach, nearly 1,300 servers were compromised on more than 5,000 devices across the UVM Health Network. Hospital officials say while no patient or employee…
Ransomware group starts leaking data allegedly from NJ cardiology consultants group
On September 23, DataBreaches reported that the NoEscape ransomware gang had added Mulkay Cardiology Consultants (Mulkay) in New Jersey to their leak site with a date of September 2. At the time, they claimed to have successfully encrypted them and exfiltrated 60 GB of files. “We have 60GB of confidential and personal data on more…