Elizabeth Payne reports: Health and personal information, home addresses and OHIP numbers of up to 100,000 patients at Queensway Carleton Hospital have been affected by a major data breach involving an Ottawa-based third-party software provider. The hospital sent out public notices of the breach Friday and is contacting patients individually. It has also notified the…
Category: Health Data
NYSARC Columbia County Chapter confirms July, 2022 ransomware incident
Nine months after detecting abnormal activity on their systems, and seven months after first publicly acknowledging a breach, NYSARC Columbia County has issued another press notice. Their newest notice is somewhat confusing in that it states that they “will issue notices to affected individuals and relevant state and federal agencies about the incident.” But then…
NIST to Finalize Special Publication (SP) 800-66 Revision 2 and Collaborate on Resources for Small, Regulated Entities
NIST to Finalize Special Publication (SP) 800-66 Revision 2 and Collaborate on Resources for Small, Regulated Entities April 25, 2023 For the past 18+ months, the National Institute of Standards and Technology (NIST), in collaboration with the HHS Office for Civil Rights (OCR), has been working to update NIST Special Publication (SP) 800-66, Implementing the Health…
Former Methodist employees plead guilty to HIPAA violations
There’s an update to a case announced in November 2022 in which five former Methodist Hospital employees in Memphis Tennessee were charged with criminal violations of HIPAA. According to the indictment, between November 2017 and December 2020, the five were charged with conspiring with Roderick Harvey to unlawfully disclose patient information in violation HIPAA. Harvey…
Federal office probes Guam Memorial Hospital network breach
Jolene Toves reports: The “unauthorized access” that prompted the Guam Memorial Hospital to shut down its network in March is now being investigated by the U.S. Department of Health and Human Services, according to an acceptance letter addressed to a whistleblower who is only identified as “Leaky Leaks.” The acceptance letter, dated April 18, notified…
The Fortra/GoAnywhere breach also affected healthcare entities. Here’s what we know so far, Part 2.
More than two months after Fortra first began notifying clients that threat actors had exploited a vulnerability in GoAnywhere, many patients whose protected health information was stolen may still have no clue. In Part 1, we noted six entities that have disclosed the breach. Five of them are listed on Clop’s leak site with their…