Today’s reminder that low-tech paper breaches are still reportable breaches. Robert Bradfield reports someone found a trove of medical records from Allen Eye Center. Some records date back to the 1990s. “I just know that I saw date of births, names, full names, addresses, phone numbers,” Matt said. Read more at First Coast News.
Category: Breach Incidents
Alameda Health System’s second breach went undetected by investigators of first breach?
On June 24, Alameda Health System in California submitted a notification to the California Attorney General’s Office. The notification concerned a breach of an employee’s email account breach that began on April 30, 2020. The breach wasn’t discovered until February 23, 2022, and the account was locked down after that in March. According to Alameda’s…
Updating: Breach reports from Eye Care Leaders’ clients continue to add up
As June drew to a close, DataBreaches’ little notepad tabulations indicate that we already have reports from 32 entities impacted by the Eye Care Leaders breach last December. Readers may recall that ECL’s myCare Integrity platform was reportedly accessed by an unauthorized individual who deleted some of the databases before being detected. As far as…
Health Information Management vendor breach results in theft of patient info
Unauthorized access to a New Jersey Health Information Management (HIM) vendor’s portal has resulted in some patients’ protected health information being acquired and exfiltrated. Earlier today, DataBreaches was contacted by someone known to this site as “DarkFox.” DataBreaches has reported on DarkFox in the past without identifying them, but is identifying them this time by…
Ransomware LockBit: a hundred victims per month in the first half
Valéry Rieß-Marchive reports: In the first half of the year, more than 420 victims were claimed on the showcase site of the LockBit 2.0 franchise. This figure is lower than the reality. But to what extent? The examination of clues present in the source code of the showcase site sheds new light… on the level of…
When the data leak is not from the victim you named, Wednesday edition
Ever since threat actor groups started naming and leaking victims who do not pay their demands, groups have occasionally misidentified their victims. Today’s example is courtesy of Avos Locker, who added the Canadian Mental Health Association to their leak site in April. Inspection of the data in the leak, however, quickly raised questions as to…