Group Health Cooperative of South Central Wisconsin (GHC-SCW) is a non-profit, member-owned health plan providing services to more than 80,000 members in Wisconsin. This week, they provided reports to HHS and the Maine Attorney General’s Office about a breach they previously disclosed in February. On January 25, GHC-SCW posted an announcement on its website that…
Category: U.S.
One year after breach, CCM Health notifies almost 29,000 patients
CCM Health in Minnesota provides health services through public hospitals and healthcare facilities. In a notification letter dated March 12, 2024, they informed patients that protected health information (PHI) may have been accessed and exfiltrated during an attack that occurred between April 3 – April 10, 2023. They do not reveal when or how they…
More Woes for Change Healthcare and Patients
Four months after law enforcement took down AlphV’s leak site and disrupted their operations, AlphV has not recovered. The damage from law enforcement in December was one factor. Then, in March, a self-described affiliate claimed that AlphV had gotten a $22 million payment from Change Healthcare OPTUM but had taken the money, suspended the affiliate’s…
Update: American Renal Associates Data Breach Exposes Over 37,700 Individuals: Medusa Exfiltrates 5TB+ Data
SuspectFile reports: The American Renal Associates (ARA) provides care to patients suffering from end-stage renal disease (ESRD) and is one of the largest dialysis service providers in the United States. In a previous article, we reported on the theft of PHI and PII data from the servers of American Renal Associates by the Medusa ransomware group, which…
Contract Class Certified in CareFirst Data Breach Lawsuit 9 Years After Legal Action was Initiated
Steve Alder reports: A lawsuit against CareFirst BlueCross BlueShield that was filed in response to a 2014 data breach has had a contract class certified by a federal judge, 9 years after legal action was initiated. The lawsuit can now proceed and more than 1 million plan members are a step closer to obtaining damages. In…
K12 SIX Applauds Launch of K-12 Education Cybersecurity Council
On March 28, 2024, the U.S. Department of Education—in coordination with the Cybersecurity and Infrastructure Security Agency (CISA)—held the kickoff meeting of the Education Facilities Subsector Government Coordinating Council (GCC), designed to facilitate formal, ongoing collaboration between all levels of government and the education sector on issues of K-12 cybersecurity risk management. Organized in response…