The Office of Inadequate Security
Some former employees of Granite School District in Utah are reporting frustration and anger with the district’s incident response to an attack by the Rhysida group. One has written up what he found when he examined the publicly leaked data. On September 20, 2024, Granite became aware of suspicious activity on its network. An investigation…
Update: DataBreaches did not spot it earlier, but on December 12, Kitsap Mental Health Services posted a notice on its website about a cyberattack that it reportedly detected on October 17, 2024. Investigation revealed that on September 17 and between October 8, 2024, and October 19, 2024, there was unauthorized access to their network and…
How many patient data breaches can a covered entity have before HHS OCR opens a serious investigation into their compliance with the HIPAA Security Rule? According to DataBreaches’ count, UT Southwestern Medical Center in Texas has disclosed at least four breaches since July 2023. As a brief recap of the first three: In July 2023,…
KillSec3 is a ransomware group, but is it really encrypting its victims these days? Recent data suggests that its affiliate(s) may be trying to extort victims using data that has already been publicly leaked. The following was researched and written by Dissent Doe, JayeLTee, and a third researcher who prefers to remain in the shadows….
On Christmas, December 2023, Anna Jaques Hospital (AJH) in Massachusetts was grappling with a cyberattack that knocked out their EHR system and resulted in them having to divert ambulances to other area hospitals. On January 23, they posted a preliminary website notice (archived) about the attack. That notice was posted four days after threat actors…
Not all monetary penalties are for breaches affecting large numbers of patients. In this case, HHS imposed a penalty on an entity that had breaches in both 2017 and 2020. DataBreaches notes that the 2017 incident affected 3,370 patients, and the 2020 incident affected 2,553 patients — as reported to HHS at the time. Today,…