On May 24, the Vascular Center of Intervention (VCI) in California submitted a breach notification to California and posted a substitute notice on VCI’s website. The notification, signed by Dr. James Lee, states that on March 29, VCI became aware of unusual activity on its network. An investigation revealed that some patient-related files had been…
Category: Breach Incidents
Norton Healthcare didn’t call it a ransomware attack. Then BlackCat claimed responsibility for it.
On May 20, DataBreaches reported that Norton Healthcare in Kentucky and Indiana had disclosed what sounded like a ransomware incident that they discovered on May 9, but they never called it a ransomware incident, even though they stated that they had received faxed threats and demands. Today, AlphV (BlackCat) claimed responsibility for the attack and…
Apria Healthcare notifies 1.2 million patients of hacking incidents in 2019 and 2021
HIPAA requires that covered entities notify HHS and affected patients of a reportable breach within 60 calendar days of discovery of a breach. Exceptions are made if law enforcement asks an entity to delay notification so as not to interfere with an investigation, but such requests are infrequent. So why are we first finding out…
Update: NCB Management Services breach affected more than 1 million, but how many more? (1)
On April 11, DataBreaches reported that a breach involving NCB Management had affected 494,969 Bank of America customers with past-due credit card accounts. At first glance, it appeared that the Pennsylvania collections firm had reported the breach to the Maine Attorney General’s Office, but closer attention revealed that it was Bank of America’s external counsel…
Bits ‘n Pieces (Trozos y Piezas)
CO: SECOP II platform affected by “presumed hacking” The SECOP II platform is a transactional platform with accounts for state entities and contractors used for submitting, evaluating, and awarding contracts. On May 3, La Agencia Nacional de Contratación Pública – Colombia Compra Eficiente reported a cyberattack on its SECOP II platform. The attack was announced…
Peachtree Orthopedics alerts patients to cyberattack; third patient data breach in seven years
An Atlanta clinic alerts patients to at least its third incident involving patient data in seven years. Karakurt threat actors recently added Peachtree Orthopedics in Atlanta (Peachtree Orthopaedic Clinic, P.A.) to their leak site. As often seems to be the case with Karakurt listings, the date on Karakurt’s post is somewhat confusing, and they make…