El Camino Health is investigating a possible data breach involving patient data, but whose breach is it? On February 22, DataBreaches received a tip about a listing offering patient data allegedly from El Camino Health in California. The listing was not on any of the usual leak sites, markets, or forums, and the poster was…
Category: Health Data
Orlando Family Physicians data breach class action settlement
TopClassActions reports that a class action lawsuit against Orlando Family Physicians (OFP) has settled for an undisclosed sum. The settlement, which doesn’t include any admission of guilt by OFP, resolves claims surrounding an April 2021 data breach. The breach reportedly occurred when four OFP employees fell prey to a phishing attack. Although the attack was…
Romanian entities issued monetary penalties for infosecurity and data protection failures
Regulators in Romania have issued monetary penalties to six Romanian entities for insufficient technical and organizational measures to ensure information security. Two other entities were issued fines for other GDPR violations. The fines for insufficient technical and organizational measures ranged from 1,000 to 10,000 euros. Two of the entities were in the medical center. A…
New threat group hacked EU healthcare agency and embassies, researchers say
Jonathan Greig reports: A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research. Cisco’s Talos cybersecurity team calls the new group “YoroTrooper” and said it has already successfully compromised accounts connected to a “critical” European Union healthcare agency and the World Intellectual…
Independent Living Systems updates its breach disclosure; notifying more than 4.2 million patients
In September 2022, Independent Living Systems LLC (ILS), a business associate in Florida, notified HHS and regulators of a network incident that affected 501 patients. They also provided public notice, but were unable to identify and notify all individuals who had been affected. The “501” was simply a marker to indicate “more than 500.” The…
AllCare Plus Pharmacy notifies 5,971 patients of phishing incident last year
AllCare Plus Pharmacy, Inc. is an IQVIA business in Massachusetts. This week, they notified the Maine Attorney General’s Office of a phishing incident that affected 5,971 patients. According to their notification, on June 21, 2022, AllCare discovered that some employees had received phishing emails. Their investigation revealed that some of the employees’ accounts had been…