From HHS OCR: “On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach. ” As DataBreaches mentioned this morning on Infosec.Exchange, is that 100 million an interim update and we should expect another update with even bigger numbers, or is 100 million the total number…
Category: Health Data
US Healthcare at risk: Strengthening resiliency against ransomware attacks
Microsoft writes: The healthcare sector faces a rapidly increasing range of cybersecurity threats, with ransomware attacks emerging as one of the most significant. A combination of valuable patient data, interconnected medical devices, and small IT/cybersecurity operations staff, which spreads resources thin, can make healthcare organizations prime targets for threat actors. As healthcare operations become increasingly digitized—ranging…
Carolina Arthritis hit by ThreeAm ransomware attack
On Thursday morning, ThreeAM added Carolina Arthritis to its leak site. Some ransomware groups add a listing, post some claims and a few screencaps, and then give the entity a deadline to pay up, or they leak a bit of data and then give the entity a final deadline. ThreeAM doesn’t seem to work that…
Indian court tells Star Health to share details of leak so Telegram can delete chatbots
Reuters reports: An Indian court in the southern state of Tamil Nadu has told insurer Star Health to help Telegram identify data leaked via its messaging app so the chatbots can be deleted. The country’s biggest insurer with roughly $4 billion market cap approached the Madras High Court in the southern state of Tamil Nadu…
OnePoint Patient Care notifies almost 800,000 patients of August ransomware attack
On September 15, INC Ransom added OnePoint Patient Care to its leak site. The threat actors claimed to have encrypted the hospice dispensing pharmacy and pharmacy benefits management service’s files. It wasn’t long after that INC leaked all of the data. The Arizona-based provider notified HHS of the incident on October 14, reporting that 795,916…
Cardiology of Virginia patient data appears to be up for sale. Has the entity issued any statement at all?
On September 7, RansomHub added Cardiology of Virginia to its dark web leak site, claiming that about 1 TB of files had been acquired. DataBreaches assumes no payment agreement was struck as RansomHub subsequently leaked data, complete with a filelisting, youtube video, and other files. “For bulk archive and confidential data analyzes trough our own…