This report was published December 28, 2017, but I’m first seeing it today. Joe Dexter reports on the devastation Rockingham County Schools experienced after employees fell for a phishing email. The only good news, perhaps, was that personal information did not appear to have been acquired or exfiltrated: All it took was several downloads of…
Category: Phishing
Onco360 and CareMed Specialty Pharmacy Patients Notified of Data Security Incident
Update: This was reported to HHS/OCR as impacting 53,173 patients. Original post: There were a few press releases about breaches that appeared after 3 pm on the Friday of a three-day holiday weekend. This was one of them: A recent data security incident affected patients receiving services from Onco360 and CareMed Specialty Pharmacy. On November…
Florida officials: Hack exposed 30K Medicaid patients’ files
Jesse Byrne reports: Hackers might have accessed the medical records and other personal information of tens of thousands of Medicaid recipients in November, Florida official announced late Friday. Florida’s Agency for Health Care Administration (AHCA) said in a press release reported by The Associated Press that one of its employees was the “victim of a malicious phishing…
Colorado Mental Health Institute at Pueblo notified 650 patients after phishing incident
The Colorado Mental Health Institute at Pueblo is under the state’s Department of Human Services. On December 22, it issued a notice following discovery of a phishing incident that potentially affected 650 patients: The Colorado Mental Health Institute at Pueblo (CMHIP) experienced a potential data breach after a staff member on Nov. 1, unintentionally allowed…
TX: MMH announces ‘data security incident’ involving patient information
MRT reports that once again, compromising employee email provides access for attackers: Midland Memorial Hospital announced Tuesday there was a data security incident involving a limited number of patients’ personal information. […] The hospital became aware on Oct. 13 that an unauthorized third party may have obtained access to an employee’s e-mail account on or…
Clarion U. students notified after employees fall for phishing attack
Ron Wilshire reports: Clarion University was notified of an email compromise that occurred because of a criminal phishing scam that compromised two email accounts in the registrar’s office. The unauthorized individual or individuals had access to the accounts between October 7 and October 10. “Clarion University is committed to data integrity and privacy protection,” said Communication Manager…