On January 24, I posted a breach notification from PIH Health with a commentary on how long it took from the time of the phishing attack to notification of almost 200,000 potentially affected patients. There was nothing in their notification, however, that suggested that patients had actually had their protected health information stolen or misused….
Category: Breach Incidents
More details emerge on one of Maze Team’s victims
On January 21 and January 31, this site reported on a ransomware attack by Maze Team on CrossroadsNet or Crossroads Technologies. It wasn’t even clear who was attacked, as one entity had no web site, and none of the Crossroads Technologies entities responded to multiple inquiries by this site about the breach. Then on January…
More than 10 million records from 2019 MGM Resorts hack; data includes celebrity guests (updated)
Catalin Cimpanu reports: The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at…
CA: VibrantCare Rehabilitation notifies patients after employee email account compromised
VibrantCare Rehabilitation in California recently notified 1,655 patients after an employee’s email account was accessed. They notified HHS on February 8 and posted this notice on their website: ABOUT THE INCIDENT VibrantCare Rehabilitation, Inc. (“VibrantCare”) is providing notice to individuals of an incident that may have affected the security of some information relating to certain…
University of Washington Medicine patients file class action lawsuit over December 2018 leak
Amy Clancy has an update on a University of Washington Medicine breach that was disclosed in February 2019. The breach was a human error incident that resulted in more than 970,000 patients having their information exposed online for several weeks. Clancy reports that the breach has now led to a class-action lawsuit that could eventually…
Thinking about cybersecurity is great, but are you prepared for your building burning down?
Let’s not forget the physical threats to protected health information. This news report about a fire in Hillsdale, New York destroying the Hillsdale Healthcare medical practice should give you pause. Is this scenario anywhere in your risk assessment? Heather Bellow reports on the damage to a strip mall from the fire, but I’m going to…