HIPAA requires that covered entities notify HHS and affected patients of a reportable breach within 60 calendar days of discovering it. Exceptions are made if law enforcement asks an entity to delay notification so as not to interfere with an investigation, but such requests are infrequent. So why are we first finding out…
Category: Health Data
After ransomware attack, state’s second-largest health insurer says patient data were stolen
Jessica Bartlett reports: The second-largest health insurer in Massachusetts said that patient data had been copied and taken from its systems during a recent data breach and that it is notifying patients that their information may have been compromised. Point32Health, which is the parent company of Tufts Health Plan and Harvard Pilgrim Health Care, has been actively…
CommonSpirit expects to recover most of its $160M cyberattack costs
Nick Thomas reports: Chicago-based CommonSpirit, one of the largest nonprofit health systems in the nation, upped its current estimate of losses stemming from a cyberattack in October to $160 million when it released first-quarter results May 15. The original cost amount was estimated at $150 million. The better news is that the 143-hospital system is confident of…
Amsterdam court hears case against alleged hacker, “DataBox”
DataBreaches previously reported that Dutch police arrested a 25-year-old man from Almere in November of 2022. Erkan S., known as “DataBox” on RaidForums, has been in custody since then. He was charged with dumping the GIS (Gebühren Info Service GmbH) data of nine million Austrians and listing it for sale on RaidForums in May 2020….
Peachtree Orthopedics alerts patients to cyberattack; third patient data breach in seven years
An Atlanta clinic alerts patients to at least its third incident involving patient data in seven years. Karakurt threat actors recently added Peachtree Orthopedics in Atlanta (Peachtree Orthopaedic Clinic, P.A.) to their leak site. As often seems to be the case with Karakurt listings, the date on Karakurt’s post is somewhat confusing, and they make…
Norton Healthcare update on cyberattack
Norton Healthcare has six hospitals in Kentucky and one in Indiana. Since May 9, they have been working on recovering from a cyberattack. They don’t call it a ransomware attack, but if they received faxed threats and demands, as they state in their update, it was likely either a ransomware attack or someone skipped the…