Aaron Sanderford reports: Nebraska on Monday became the first state to sue Tennessee-based Change Healthcare over the company’s massive data breach that cost at least 575,000 Nebraskans their personal information and medical records. … The breach was blamed on a low-level employee who had his or her login credentials hacked. Nebraska Attorney General Mike Hilgers…
Category: Health Data
Kitsap Mental Health Services breach impacted sensitive patient information (1)
Update: DataBreaches did not spot it earlier, but on December 12, Kitsap Mental Health Services posted a notice on its website about a cyberattack that it reportedly detected on October 17, 2024. Investigation revealed that on September 17 and between October 8, 2024, and October 19, 2024, there was unauthorized access to their network and…
Boston University and Feds Investigating Hacking of Framingham Heart Study Data
Molly Callahan reports: Boston University’s renowned Framingham Heart Study (FHS) was breached by hackers, who gained access to the data of participants—both living and deceased—of the country’s longest running, multigenerational heart study. BU officials say the hackers gained access to the study’s server, but that information technology specialists from BU and FHS were able to…
UT Southwestern Medical Center has disclosed at least four breaches since July 2023. Is HHS investigating?
How many patient data breaches can a covered entity have before HHS OCR opens a serious investigation into their compliance with the HIPAA Security Rule? According to DataBreaches’ count, UT Southwestern Medical Center in Texas has disclosed at least four breaches since July 2023. As a brief recap of the first three: In July 2023,…
No need to hack when it’s leaking, Canadian edition: Care1
Jeremiah Fowler discovered a non-password-protected database that contained more than 4.8 million records belonging to Care1 — a Canadian company offering AI software solutions to support optometrists in delivering enhanced patient care: The publicly exposed database was not password-protected or encrypted. It contained over 4.8 million documents with a total size of 2.2 TB. In a…
Hong Kong Privacy Commissioner’s Office Publishes Investigation Findings on the Electrical and Mechanical Services Department Data Breach
December 9 enforcement action by the Privacy Commission of Hong Kong: Data Breach Incident of the Electrical and Mechanical Services Department (EMSD) The investigation arose from a data breach notification submitted by the EMSD to the PCPD on 1 May 2024, reporting its suspicion that the personal data of members of the public in its possession was…