The email in my inbox on Friday night had the subject line, “Hey sexy,” and appeared to come from “[email protected]” <[email protected]>. Under normal circumstances, I would have just sent it to trash, but the Twitter user known to me as “Pompompurin,” had alerted me to check my email for what he described as a funny…
Category: Breach Incidents
When I emailed Overlake OB/GYN in July about a ransomware attack in 2020, I didn’t anticipate what would happen next.
In December, 2019, Overlake Medical Center & Clinics discovered that some employees had fallen for a phishing scheme. On February 7, 2020, they reported the incident to HHS as impacting 109,234 patients. As HHS subsequently summarized things: After the breach, the [Covered Entity] implemented additional administrative and technical safeguards and retrained its staff on the…
Data of Lister fertility clinic patients and other medical practices compromised by ransomware attack on third-party vendor
Jay Jay reports: In a letter sent to about 1,700 patients, Lister Fertility Clinic said that a ransomware attack on Stor-a-file Limited, a firm that scans medical records for the clinic, compromised the sensitive information of patients. […] The document management firm said that the ransomware attack affected 13 organisations, six of them in the healthcare sector….
Threat actors add Johnson Memorial Health to dark web leak site
Johnson Memorial Health in Indiana was the victim of a ransomware incident in early October that was quickly reported in the press: The hackers gained access to the hospital’s network at 10:31 p.m. Friday and installed ransomware by 10:33 p.m. The hospital’s IT team discovered the attack within about 15 minutes and immediately shut down…
Some Florida Heart Associates data appears on dark web after ransomware attack earlier this year
In July, this site noted a May, 2021 ransomware incident that significantly impacted Florida Heart Associates. In July, they notified HHS that 45,148 patients were impacted. Now this week, we learned that it was Pysa threat actors who had attacked them, and they have now dumped some of the data. Pysa’s dump is a little…
Maxim Healthcare notifies patients of breach that occurred in October, 2020
On November 4, Maxim Healthcare Group, including Maxim Healthcare Services and Maxim Healthcare Staffing (collectively “Maxim Healthcare”) issued a press release about a breach — a press release they describe as issued “out of an abundance of caution.” That sounds like they had an option not to disclose. I would think that they were required…