An email DataBreaches received yesterday from an unrecognized account contained just one line – a link to a new listing on the D#nut Leaks ransomware group’s leak site about Montgomery General Hospital (MGH) in West Virginia. MGH is part of the Montgomery General Health Care System, Inc., which includes the hospital, Montgomery General Elderly Care, Montgomery…
Category: Breach Incidents
Today’s “Don’t Say ‘Ransomware’ Award” goes to….
DataBreaches probably sounds like a broken record after six years of calls for more transparency in breach notifications. Sadly, the situation has gotten worse in the past year. Not only do entities fail to admit they suffered a ransomware attack, but they fail to inform patients if the patient’s protected health information was leaked or…
“A crucial learning experience.” – ICO calls for highest standards in HIV services after NHS Highland reprimand
From the U.K.’s Information Commissioner’s Office (ICO): NHS Highland reprimanded for a “serious” data breach amongst those accessing HIV services ICO calls for higher standards when protecting data of people living with HIV Service providers could be fined or reprimanded for exposing sensitive data The Information Commissioner’s Office (ICO) has issued a reprimand to NHS Highland for…
Hospitals owned by Universal Health Services start filing breach reports about Adelanto HealthCare Ventures breach in 2021 (Update5)
Happening now: A number of hospitals are filing breach notices this week that appear to be linked to a breach at Adelanto HealthCare Ventures (AHCV) in 2021. The hospitals are all owned by Universal Health Services LLC (UHS). So far, DataBreaches has found McAllen Hospitals, LP d/b/a South Texas Health System, Doctors Hospital of Laredo,…
Illinois Gastroenterology Group settles class action litigation for undisclosed sum
There has been a settlement in litigation stemming from a breach previously noted on DataBreaches. Without admitting guilt or wrongdoing, Illinois Gastroenterology Group has agreed to pay an undisclosed sum to settle claims from an October 2021 data breach first disclosed in April 2022. The incident involved unnamed threat actors accessing and exfiltrating data on…
Norwegian data protection authority fines U.S. firm almost $240,000 for failure to notify within 72 hours
It’s encouraging to see breach notification deadlines taken seriously. The Norwegian Data Protection Authority has imposed a monetary penalty of NOK 2.5 million on Argon Medical Devices for breaching Article 33 (1) of the GDPR. That article requires controllers to notify the regulator of a personal data breach within 72 hours. According to Datatilsynet (the…