The following is part of the notice Village Senior Services Corporation d/b/a VillageCareMAX posted on their website. Note that the attacker was apparently requesting names and Medicaid ID numbers, which makes me wonder what the plan for misuse was — insurance fraud, perhaps? VillageCareMAX (“VCMAX”) is providing notice of an incident that may affect the…
Category: Phishing
PIH Health notifies almost 200,000 patients whose protected health information was sitting in employee email accounts that were compromised
Posted by PIH Health on their website on January 10, 2020: Notification of Data Security Incident January 10, 2020 – PIH Health has become aware of a data security incident that may have impacted personal information and protected health information belonging to certain current and former patients. On January 10, 2020, PIH Health notified potentially…
If states would only require — and then engage in — more transparency on breaches
Years ago, I had hoped more states would require breach notifications to central offices and that states would then share those reports with the public, much as New Hampshire had done. But things haven’t really become more transparent. Maryland and California remain positive examples of transparency, but New Hampshire’s site, while still available, has lost…
CA: Adventist Health Notifies 2,653 Patients After Phishing Incident
B. J. Hansen reports on a phishing incident that has resulted in Adventist Health Sonora notifying patients. According to the hospital, the incident was discovered on September 30, and an investigation was launched. On October 14, they discovered that the compromised associate’s account contained protected health information. The hospital’s notification states: Information that may have…
Texas school district loses $2.3 million from phishing scam
KSAT reports: Manor Independent School District, just east of Austin, is out of $2.3 million from a phishing scam. Investigators say the phishing email was sent to multiple people at the school district and it was a single person that responded. The money was sent through three separate transactions. Read more on KSAT.
Native American Rehabilitation Association of the Northwest reports Emotet attack
On January 3, the Native American Rehabilitation Association of the Northwest, Inc. (NARA NW) in Portland, Oregon announced that it experienced a cybersecurity incident November 4-5, 2019. The attack was described as a malware incident with Emotet malware injected when some employees fell for a phishing attack on November 4. The incident was recognized quickly…