Two recent breaches involving plastic surgery practices in California have leaked patient data. One of the breaches is by a well-known group that has done such things before. The other incident is by an unnamed individual or group. Both leaks contain some sensitive private images or videos in addition to patient data. On June 21,…
Category: Health Data
BlackCat adds a community behavioral health center in Alabama to its leak site (UPDATED)
AlphV (aka BlackCat) threat actors have added Highland Health Systems in Alabama to their leak site. As proof of claims, they have leaked a number of files with employee and patient data or information, including part of a psychiatric intake form with a narrative from 2008. Other files are more current. Highland Health Systems is…
Hillsborough notifies 70,000 of potential data breach in health, aging services
C. T. Bowen reports: Hillsborough County has notified more than 70,000 people that a global data breach may have put their personal information at risk. The breach involved the MOVEit file transfer tool, a third-party service that complies with federal Health Insurance Portability and Accountability Act (HIPAA) regulations. The breach also may have affected 106…
8Base claims to have stolen patient data and employee info from Kansas Medical Center
While LockBit was adding one physician-owned medical entity to its leak site, a relatively new group known as 8Base was adding another physician-owned medical entity to its own leak site. 8Base claims to have attacked Kansas Medical Center on June 18 and to have downloaded data on July 11. They claim they will publish the…
Another business associate attack results in theft of patient data — Panorama Eyecare
Panorama Eyecare in Colorado is a physician-owned firm providing business associate services to vision care providers: Earlier today, the firm was added to LockBit’s leak site with a claim that 798 GB of data had been exfiltrated from four of the firm’s clients: Eye Center of Northern Colorado Denver Eye Surgeons Cheyenne Eye Clinic &…
Lawsuit against cardiology practice alleges fraudulent charges from data breach
In many potential class action lawsuits stemming from a data breach, none of the named plaintiffs may have experienced any concrete injury such as identity theft or fraud that could plausibly linked to the breach. Here’s a lawsuit where’s the plaintiffs report concrete injury. Whether they will be able to link it to the particular…