Superior Air-Ground Ambulance Service, Inc. {“Superior”) has locations in five states: Illinois, Indiana, Ohio, Michigan, and Wisconsin. On May 10, they notified HHS of an incident affecting 858,238 patients. A notice on their website explains that they discovered unusual activity in their network in May 2023. “On June 23, 2023, the investigation determined that an…
Category: U.S.
Tx: CentroMed discloses a second data breach within one year (UPDATE 1)
In August 2023, El Centro Del Barrio (“CentroMed”) reported a breach that affected 350,000 patients. The incident, which had been claimed by Karakurt threat actors in June, involved patients’ names, addresses, dates of birth, Social Security numbers, financial account information, health insurance plan member IDs and claims data. A check of Karakurt’s leak site today…
FTC Finalizes Order with Blackbaud Related to Allegations the Firm’s Security Failures Led to Data Breach
The Federal Trade Commission has finalized an order against Blackbaud Inc. settling allegations that its lax security practices allowed a hacker to breach the company’s network and access the personal data of millions of consumers including Social Security and bank account numbers. In a complaint first announced in February 2024, the FTC charged that the South Carolina firm,…
HHS launches $50M security initiative to thwart hospital ransomware
Chad Van Alstin reports: The U.S. Department of Health and Human Services (HHS) is launching a $50 million incentive program to encourage hospitals to improve their cybersecurity. Dubbed the Universal Patching and Remediation for Autonomous Defense—or UPGRADE—program, the initiative aims to speed up vulnerability detection and patch deployment through the creation of a platform that…
Utah Updates to Breach Notification Requirements Take Effect
Dorothy Parson McDermott of JacksonLewis writes: On May 1, 2024, amendments to Utah’s cybersecurity and data breach notification law took effect. The state’s cybersecurity and data breach notification law requires an organization that conducts business in the State of Utah to prevent the unlawful use or disclosure of personal information collected by the organization. Under…
SEC amends Reg S-P to require data breach notification within 30 days
Aaron Nicodemus reports: The Securities and Exchange Commission (SEC) will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days. On Thursday, the SEC approved amendments to Regulation S-P, known as the safeguards rule. The rule requires covered entities to…