Another ransomware attack that could have been even worse, but the doctor’s office had backups and was able to restore from backup without paying the ransom demand — and their cyberinsurance policy helped pay for them notifying patients. The incident was reported to HHS by Dr. DeLuca & Dr. Marciano Eye Associates as affecting 23,578 patients. The…
Category: Breach Incidents
FABEN Obstetrics and Gynecology notifies more than 6,000 patients after ransomware attack
On November 21, the FABEN OB/GYN practice in Florida got infected with GandCrab ransomware. They do not disclose how that happened, but the problem was detected quickly. To mitigate any damage or risk, FABEN decided to delete the infected files and restore files from backups. But they didn’t have backups of all files. Any files…
DHS: Emergency Directive 19-01
From the Department of Homeland Security: January 22, 2019 Mitigate DNS Infrastructure Tampering This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 19-01, “Mitigate DNS Infrastructure Tampering”. Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information…
Valley Hope Association notifies patients after employee email hack
Note: VHA’s notice on their web site emphasizes that no diagnostic or treatment information was exposed. Given the nature of this provider, that will be a relief to many patients. Because this incident is not yet posted on HHS’s public breach tool, we do not yet have the number being notified. The following is VHA’s…
Ouch: Patient records found years later in his home by a former spouse of a former Hanger Clinic employee
Hanger Clinic in Florida posted the following undated notice on their site. DataBreaches.net had emailed them to ask when the notice was issued and how many patients were notified, but has received no reply as yet. Nor is this incident on HHS’s breach tool as of the time of this posting: This Notice applies only…
U.S. authorities charge several people in SEC hacking scheme
Jonathan Stempel reports: U.S. authorities on Tuesday charged several individuals and companies in a scheme to trade on information in nonpublic corporate press releases by hacking into a U.S. Securities and Exchange Commission database. In a filing with the U.S. District Court in Newark, New Jersey, the SEC said individuals in the United States, Russia…