Sometimes our first report of a data breach comes in an 8-K filing to the Securities and Exchange Commission. Such is the case with a breach affecting Community Health Systems, Inc. in Tennessee. In its 8-k filing of February 13, CHS discloses that they were recently notified by Fortra, LLC, a third party vendor of…
Category: Health Data
And two more class action settlements….
Electromed In August 2021, DataBreaches noted reports that Electromed had been hacked, and the incident affected employees and customers. Electromed later reported the incident to HHS as impacting 47,200 patients. According to subsequent disclosures, this was a ransomware incident that Electromed had discovered in June. In September 2021, a potential class action lawsuit was filed…
Medical records for 4,158 Garrison Women’s Health patients lost due to attack on IT vendor
Fosters reports: Medical records of Garrison Women’s Health patients were recently “subject to unauthorized third-party activity,” according to information released Friday evening by Wentworth-Douglass Hospital. For 4,158 patients, data such as appointment records and some personal health information cannot be restored, according to Adam Bagni, spokesperson for the hospital. The hospital states “there is no evidence” the information…
UMass Memorial Health settles lawsuit claims from 2020 hack
Another week, another litigation settlement. Top Class Actions reports that UMass Memorial Health Center agreed to pay $1.2 million to resolve claims it failed to protect consumers from a hacking incident and data breach that occurred from June 24, 2020 to January 7, 2021. UMass informed consumers of the breach in October 2021. The breach…
The Center for Autism and Related Disorders notifies patients after vendor’s error caused HIPAA breach
The Center for Autism and Related Disorders (“CARD”) has locations throughout the U.S. On January 24, it experienced a reportable breach when “as part of a recent update to its patient billing systems, the third-party vendor responsible for generating patient invoices incorrectly made a computer error which resulted in certain caregivers receiving an invoice for…
CISA Alert (AA23-040A): #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Summary Note: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to…