UPDATE of January 16, 2025: I am stunned by the response to this post and the number of people asking me how they can file a claim or get help. This breach was in 2017. If you never filed a claim when the settlement was open for claims, it’s too late to file now. Read…
On March 25, DataBreaches entered Teton Orthopaedics’ name on a monthly worksheet this site uses for tracking breaches in the healthcare sector. The entry wasn’t based on any report by Teton Orthopaedics or media, and DataBreaches had been unable to find any notice by the provider. The entry was based on a claim by the…
Note: In 2019, when USR Holdings disclosed this breach to affected patients, they did not mention that ePHI had been deleted. So in 2025, we are first learning of this part of the breach? The following is HHS OCR’s press release today. Settlement resolves multiple Security Rule failures Today, the U.S. Department of Health and…
Yesterday, PowerSchool disclosed that on December 28, it had become aware of a data breach that affected some, but not all, of its PowerSchool clients. PowerSchool Student Information System (SIS) is used by school districts worldwide to help schools manage student educational records including grades, attendance, and enrollment. Emails were sent to all PowerSchool clients…
From the “Wait-What-Happened-Here Dept:” On October 19, the Black Suit ransomware group announced that they had attacked Rutherford County Schools in Tennessee. Their listing, posted on their dark web site, included what appears to be an indication of what data and how much data they were able to exfiltrate. It did not indicate whether they…
For many years, the FTC has published guidance for businesses to Start with Security. Their advice has always included having a clear way to receive security alerts about vulnerabilities. That advice has been repeated in all updates, including their 2023 version. Why do I mention that now? Because once again, attempts to warn a company…