John Beauge reports: The man accused of downloading protected information of more than 1.2 million Geisinger Health System patients in 2023 will defend himself at his criminal trial. U.S. Middle District Judge Matthew W. Brann granted the motion of Max Vance to proceed pro se but assigned assistant public defender Gerald A. Lord as standby…
Category: Breach Incidents
Episource notifying 5.4 million patients of cyberattack in January
Episource, LLC, is a business associate that provides healthcare technology and solutions, specializing in medical coding, risk adjustment, and data analytics for health plans and providers. On February 6, anomalous activity in their system alerted Episource to a potential attack. In response, they shut down computer systems, initiated an investigation, called in a special team,…
Investigation of 2024 Helsinki data breach – Report
There’s a follow-up to the Helsinki incident affecting hundreds of thousands of children and adults in 2024. The government has finished its investigation and published its findings and recommendations. From their press release: The City of Helsinki’s Education Division (KASKO) was targeted by a serious data breach in spring 2024. As a consequence of the…
UPDATING: Credit Control Corporation denies any current breach
Update: And this is why we said “allegedly” and “unconfirmed.” CCC responded to yesterday’s inquiry with the following reply: Credit Control Corporation is not currently the subject of any data breach or security incident referenced in your message. The original post appears below for context. A seller on a forum claims to have data on 9.1…
Sentara Health terminates remote employees after realizing they couldn’t be sure who was doing the work.
Hiring employees who work remotely can pose additional challenges for security and compliance with regulations. In March, Sentara Health disclosed an incident concern that resulted in the notification of 1,620 patients. They described the concern this way: In December, the Sentara Health’s Lab Services department hired an individual to process lab requisitions. Lab requisitions are…
Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
Claims of “negligence” are often raised in lawsuits. DataBreaches is not a lawyer, of course, but wonders whether by now, we should consider a plastic surgeon “negligent” in their data security if they store nude photos of their patients with patient names and identity information in plain text and no strong encryption or suitable alternative…