There’s an update to a breach reported on DataBreaches that involved both a business associate (Cotiviti) and insider wrong-doing by an employee of a subcontractor of the business associate (Visionary). Humana and Cotiviti agreed to a class action settlement to resolve claims they jeopardized consumer data in a 2020 data breach. The settlement benefits consumers…
Category: U.S.
TX: Methodist McKinny Hospital beat Karakurt to the punch by revealing attack quickly
Yesterday, Karakurt threat actors added the Methodist McKinny Hospital in Texas to their dark web leak site. They listed the hospital as a “pre-release,” which is their way of putting pressure on a victim — or trying to put pressure on a victim — to pay so their data is not leaked or auctioned off….
GA: Hacker disrupts systems at Forsyth County medical office
On July 25, Forsyth County deputies responded to reports that the computer system of a medical office had been hacked. According to a report, a practice representative told deputies they had been alerted by community partners that suspicious emails were being sent out through the practices email system. Read more at Appenmedia.com The news report…
US regulator urges MFA and puts banks on notice – not reasonably protecting data is illegal
Jim Nash reports: A U.S. consumer finance regulator has published a circular warning that insufficient security for consumer biometric and other personal data is illegal under federal law. Multi-factor authentication is singled out as a method of making data security sufficient. Anyone reading that who still thinks it will never happen to them is invited…
NY: Practice Resources, LLC notifies 942,138 patients after ransomware attack
On August 4, Practice Resources, LLC notified the California Attorney General’s Office that it had been the victim of a ransomware attack on April 12. They also notified HHS that 942,138 patients were affected by the breach (see below). The New York firm is a business associate that provides a variety of health management services,…
Florida Orthopaedic Institute settles lawsuit after 2020 ransomware incident
Top Class Actions reports that Florida Orthopaedic Institute, ooerated by the Musculoskeletal Institute, has agreed to pay $4 million to settle claims stemming from a 2020 ransomware attack. The incident was first disclosed in June 2020, and then reported to HHS on July 1 as affecting 640,000 patients. There is no notation in HHS’s public…