Sometimes, an incident that doesn’t appear to require notification may require notification under HIPAA. In an August, 2018 incident reported on The Elkhart Truth that involved Goshen Health, the health system originally determined that no notification was required, but when forensic investigators came in months later and looked for any information that might have been…
Category: Breach Incidents
Sarrell Dental notifies almost 400,000 patients after ransomware attack
Sarrell Dental in Alabama notified HHS on Sept 12 of an incident impactng 391,472 patients, but their report did not get posted right away, which may explain why this incident has pretty much flown under the media radar. According to Wikipedia, Sarrell Dental and Eye Centers, is a non-profit orgranization and the largest dental provider in…
Attackers Combine Attacks Against RDP with Ransomware
Fahmida Y. Rashid writes: Ransomware attacks are increasingly using the Remote Desktop Protocol as the initial entry vector, taking advantage of the fact that many enterprises struggle to balance the risks of exposing RDP and the advantages of being able to access machines in multiple locations. The Institute for Critical Infrastructure and Technology highlighted the…
MY: Health Ministry investigating leak of patient records
Sira Habibu reports: KUALA LUMPUR: The Health Ministry is investigating reports of a data leak involving the patient records of nearly 20,000 Malaysians. […] He was responding to the Sept 16 report by Greenbone Network report claiming that information on 19,992 radiological reports from Malaysia was freely accessible on computer servers worldwide. Read more on…
Little Rock Plastic Surgery releases statement after internal HIPAA breach
KATV reports: A Little Rock plastic surgery clinic released a statement on Friday about a HIPAA breach that happened in July. According to a statement from Little Rock Plastic Surgery, it was discovered on or about July 15, 2019, that a nurse downloaded reports, photos, and other information that contained Protected Health Information of several…
Credit card data from Russell Stover breach shows up for sale on the dark web
In an August 30th press release, posted previously on DataBreaches.net, chocolatier Russell Stover disclosed that point-of-sale (POS) terminals in their retail stores appeared to have been compromised by malware. Online customers were reportedly not at risk, but based on its investigation up until that date, they believed that the attacker may have been able to…