On May 10, when DataBreaches.net first reported that the American Medical Collection Agency had been breached, we reported that information from 200,000 payment cards had been found for sale on a top-tier market by Gemini Advisory analysts, whose investigation linked those cards to AMCA. At the time, we did not know how many other payment…
Category: U.S.
Premera Reaches Proposed $74M Settlement Over 2014 Breach of 11M
Jessica Davis reports: Premera Blue Cross reached a proposed $74 million settlement with the 11 million patients impacted by its 2014 breach, caused by a sophisticated cyberattack that lasted for nearly one year before it was discovered. In January 2015, Premera officials discovered the breach that began nearly a year earlier in May 2014. Premera, Premera…
Understanding When Business Associates Are Directly Liable Under HIPAA
Aimee Jachym and Samantha A. Kopacz of Miller Canfield PLC write: New guidance issued by the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) reaffirms that business associates must have proper HIPAA compliance practices, safeguards and documentation in place in order to avoid costly penalties. OCR recently released a Fact…
The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records
Another Elasticsearch misconfiguration found by SecurityDiscovery. You can read about it here.
Update on American Medical Collection Agency breach: Almost 12 million Quest Diagnostic patients impacted
On May 10, DataBreaches.net broke the story of a medical collection agency breach involving American Medical Collection Agency. The breach had been discovered by Gemini Advisory, who informed this site that they had found approximately 200,000 patients’ payment card info for sale on a well-known marketplace. The cards had apparently been compromised between September, 2018…
Health Quest phishing incident in 2018 results in notification to patients, but why such a long delay?
Today’s Poughkeepsie Journal has a news story about a phishing incident that appears to have been discovered in July, 2018 that affected an unspecified number of Health Quest patients. From the available information, it sounds like Health Quest first discovered email attachments in January, 2019, and then it took them until April 2, 2019 to…