Phil Muncaster reports: An NHS trust has been reprimanded by the UK’s data protection regulator after it was discovered that staff had been sharing patient details on an unapproved app for two years. Some 26 staff at NHS Lanarkshire accessed the WhatsApp group between April 2020 and April 2022, entering sensitive patient data including names,…
Category: Health Data
PHI Database: Portal for Health Informatics – IIIT Delhi shared on Cyber Crime Forum
Seen on CloudSEK: CloudSEK’s contextual AI digital risk platform XVigil has discovered a post on an English speaking cybercrime forum, sharing a database of PHI-IIIT Delhi for Forum credits. A total of 82 Databases were compromised and leaked data. Read more at CloudSEK.
Discovery at Home notifies patients after phishing incident
Discovery at Home provides senior home healthcare services to seniors in Florida and Texas. On July 31, they issued a website notice about a phishing incident they discovered on June 1. As they describe it, the scheme resulted in the transmittal of personal health information to an unauthorized third-party sender. Elements of personal information that may…
Gallivan notifies University of Guelph students of Fortra breach 4 months later
Daniel Caudle reports: The provider of health, dental, and wellness benefits at the University of Guelph (U of G) has begun notifying students of a data breach which included access to personal information. A post on the Central Student Association’s website says Gallivan, the provider of those plans, began sending notifications via email this week. CTV News…
MHMR Authority of Brazos Valley provides notice of ransomware attack last November (1)
On December 22, 2022 DataBreaches added MHMR Authority of Brazos Valley to our non-public breach worksheet. Based on information at that time from Hive threat actors, it appeared that the non-profit Texas mental health and substance abuse treatment provider’s files had been locked on November 5. Their listing on Hive’s leak site was a sure…
The Chattanooga Heart Institute to notify 170,450 about March “data security incident”
In May, DataBreaches dutifully noted The Chattanooga Heart Institute (CHI) on our non-public worksheets. At the time, all we knew was that Karakurt threat actors had claimed to have attacked them and to have exfiltrated 158 GB of data. There was no proof of claim offered, but Karakurt wrote: Employees and patients’ private data will…