Premier Family Medical in Utah is notifying 320,000 patients of a ransomware incident that they disclosed in August. The incident has now been posted on HHS’s public breach tool after the physician group notified HHS several days ago. In an August 30th notice on their website, practice explained that on July 8, they experienced a…
Category: U.S.
LinkedIn Can’t Block Analytics Company From Scraping Profiles
Wendy Davis reports: LinkedIn can’t rely on a 33-year-old anti-hacking law to prevent prevent the analytics firm HiQ Labs from mining data, a federal appellate court ruled Monday. The ruling, issued by a three-judge panel of the 9th Circuit Court of Appeals, leaves in place an injunction that requires LinkedIn to allow publicly available data…
Undisclosed number of Boy Scouts and their parents had their information exposed by Trails End
Katie Peralta reports: A partner of the Boy Scouts of America inadvertently exposed the personal information of children and their parents last month. What happened: Boy Scouts nationwide sell popcorn to raise funds for activities like camping trips — just like Girl Scouts sell cookies. To facilitate the sales process, Boy Scouts of America uses…
Oklahoma pension fund reports $4.2 million cyber theft
AP reports: The FBI is investigating after computer hackers managed to steal about $4.2 million in funds from a pension system for retired Oklahoma Highway Patrol troopers and other state law enforcement officers, state officials said Friday. A notice posted on the Oklahoma Law Enforcement Retirement System website said the agency notified the FBI and…
Unalaska recovers $2.3M after phishing email scam
Hope McKenney reports: More than $2.3 million dollars has been returned to the City of Unalaska, after a nearly two-month federal investigation into a fraudulent financial request. Between May 15 and July 9, the city paid out $2,985,406.10 to a fraudulent bank account as a result of a phishing email scam. The sender of the…
Alive Hospice’s breach notification required a second breach notification
It occasionally happens that a breach or incident response creates a second incident of its own. That seems to be the case with Alive Hospice, as this newest press release suggests, but does this require second notification to HHS/OCR? My first impression is that it would, but I’m interested to hear what HIPAA lawyers might…