James Kleimann reports: In a lawsuit filed last week, a mortgage brokerage claimed that one of its former loan officers stole a database containing client names and information and brought it with him to a new job at NEXA Mortgage. Smart Mortgage, which operates in Illinois, Indiana, Colorado and Florida, filed suit against former senior loan…
Category: U.S.
MEDNAX Services notifies patients of data breach
Another business associate under HIPAA has disclosed a breach. You may not recognize their name, but they may handle your medical group’s billing or other functions, so if you get a letter from “MEDNAX,” don’t just assume it’s a scam. Florida-headquartered MEDNAX Services, Inc provides revenue cycle management and other administrative services to physician groups. …
OCR Releases Its 2016-2017 Audit Report on Health Care Industry Compliance with the HIPAA Rules
Today, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released its 2016-2017 HIPAA Audits Industry Report that reviewed selected health care entities and business associates for compliance with certain provisions of the HIPAA Privacy, Security, and Breach Notification Rules. The Health Information Technology for Economic and Clinical…
Suspected Russian hacking spree extended beyond SolarWinds users
Joseph Menn reports: The massive hacking campaign disclosed by U.S. officials this week and tentatively attributed to the Russian government extended beyond users of pervasive network software that had been compromised. “The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged,” said DHS’s Cybersecurity and Infrastructure Security Agency,…
Ca: Olympia House notifying patients about ransomware attack discovered in early August
On August 10, DataBreaches.net reported that Olympia House, an alcohol rehabilitation and drug treatment center in Petaluma, California had apparently been attacked by NetWalker ransomware threat actors but had not responded to an inquiry by this site. By November 9, Olympia House still had not posted any statement on their site or press release, and…
Company that Provides Travel Emergency Services Settles FTC Allegations it Failed to Secure Sensitive Consumer Data
It feels like it’s been a while since we’ve seen an FTC data security case (well, apart from Zoom’s issues). Today, FTC issued a press release about a settlement stemming from SkyMed International’s misconfigured elastic search instance that exposed more than 130,000 people’s information. The exposed data were discovered by Jeremiah Fowler and reported in…