The News Tribune reports that the Capital Region Medical Center in Missouri has started notifying patients whose protected health information (PHI) was accessed during a ransomware incident in December, 2021 that left their phone systems and network down for several days. CRMC had disclosed the incident promptly but had not been able to immediately determine…
Category: U.S.
Altoona Area School District data shows up on dark web months after cyberattack
Nicole Fuschino reports: A.A.S.D. Superintendent Dr. Charles Prijatelj said this morning that back in early December of last year the school had an attack on their “routing server” after which they started working with a high-end security software on all of the district servers. However, this week district administration was contacted by employees saying they…
After delaying notification so as not to interfere with criminal investigation, GreenSlate makes notification of data breach
GreenSlate is notifying employees of some of its clients about a breach involving a rogue Canadian employee. According to their notification template submitted to the California Attorney General’s Office, on December 22, 2021, the firm’s security team detected that between December 10 and December 15, 2021, an employee in Canada had downloaded scanned paperwork and…
Protenus releases the 2022 Breach Barometer report on health data breaches: More than 50 million affected
Protenus, a healthcare compliance analytics company, has released its annual Breach Barometer report. Protenus has been making its annual report on health data incidents freely available since 2016 as the result of an ongoing collaboration between the firm and DataBreaches.net. DataBreaches.net compiles incidents and provides some of their statistical analyses and is compensated for its…
Unable to determine what files were accessed, Norwood Clinic notifies all 228,103 patients
Norwood Clinic in Birmingham, Alabama is notifying 228,103 patients of a hacking incident that left them unable to determine what, if anything, had been accessed. In a notification to the Maine Attorney General’s Office, the clinic’s external counsel reported that the breach began on September 20 and was discovered on October 22. The types of…
Update: Central Indiana Orthopedics notifying 83,705 of October data breach
In October, 2021, this site reported that Central Indiana Orthopedics (CIO) had promptly disclosed a data security incident involving Grief threat actors. This week, CIO’s external counsel notified the Maine Attorney General’s Office about the incident, reporting that 83,705 patients were impacted, total. Types of information involved included name, address, Social Security number, and limited…