Saltzer Health, Idaho As 2021 wound down, Saltzer Health in Idaho reported a breach it had discovered on June 1. According to their notification, an employee’s email account had been compromised. Investigation showed the access began on May 25. On December 29, Saltzer issued a notice that disclosed the incident and reported that the types…
Category: Breach Incidents
UVA Health notified patients after Ciox Health data breach (updated)
Someone on Twitter asked me what the first breach of 2022 would be. The following public notice is not the first breach of 2022. It is a 2021 breach that just showed up after midnight in my news search this morning. And because it involves a third-party breach, we may see other covered entities affected,…
The Medical Review Institute of America notifies patients of ransomware incident (updated)
The Medical Review Institute of America (“MRIoA”) collects protected health information (PHI) as part of providing clinical peer review for covered entities that request it (if the patient consents to provide info for the review). MRIoA was hit with ransomware in November. And although they do not directly state that they paid ransom, it sounds…
Threat actors pose as pharmacists, get business associates to send them patient records
Harbor Health in Massachusetts has notified at least one patient whose data was compromised by an attack on ScansStat Technologies. According to a December 13 letter from Jesse A. Shipley, HHSI’s Director of Compliance & Risk Management, on November 12, ScansStat Technologies informed them that bad actors posing as pharmacies had managed to get ScansStat…
Schumer, In Manhasset, Promises Cybersecurity Aid to School Districts
Jennifer McLogan reports: Cyberattacks against school systems are becoming more damaging and aggressive with threats of extortion, unless ransom is paid. It’s costing taxpayers big bucks to repair school technology. Now help is on the way from the federal government. Read more at CBS. See more at NY State Senator Anna Kaplan’s website, where Frank Rizzo…
Oregon anesthesiology group notifies 750,000 about ransomware incident; FBI seized threat actors’ account with their files
Like many other healthcare entities, Oregon Anesthesiology Group, P.C. (OAG) became the victim of a ransomware attack this year. But somewhat atypically, the FBI seems to have seized a threat actor’s account that had their patient data. According to OAG’s statement of December 6, the medical group experienced what they described as a cyberattack that…