On September 1, a listing on a dark web site by a group calling themselves Don#t_Leaks named MonarchNC as a victim. The listing did not appear for long. The only “proof” offered at the time was a filetree and a screencap of what might be an index of an inbox showing monarchnc.org domain in email…
Category: Health Data
Are Data Breach Class Action Lawsuits Protecting Patients?
Marianne Kolbasuk McGee reports: The prospect of class action lawsuits being filed in the aftermath of a major data breach often has more impact on breached healthcare organizations than the potential for fines and enforcement actions by government regulators, says attorney Jeff Westerman of Westerman Law Corp. With all the legal expenses and time involved…
Attack on the Azienda Ospedaliera di Alessandria hospital: additional details on the case
Marco A. De Felice prefaces his reporting on a Ragnar_Locker attack with this message: For ethical reasons we did not want to spread the news of the attack on the hospital’s IT infrastructure before the news became public knowledge. Indeed, on December 20, SuspectFile had already become aware of the ransom note written by the…
CommonSpirit Gets Restraining Order in Missing Patient Info Suit (UPDATED)
Holly Barker reports: CommonSpirit Health, one of the country’s largest nonprofit health systems, convinced a federal judge in Texas to order a medical technology vendor to return hundreds of thousands of medical records it was sent to archive. The US District Court for the Northern District of Texas’s order directs Emerge Clinical Solutions LLC to…
Updating Scripps Health ransomware incident: litigation settlement
Dorian Hargrove of CBS reports that Scripps Health has agreed to pay more than $3.5 million dollars to victims of a ransomware attack in 2021 that compromised the personal information of more than one million patients. More than 1 million patients? At the time, Scripps had reported that it was notifying 147,267 patients, and that…
Updating the Lake Charles Memorial Health System data breach
On Oct. 25, the Hive ransomware team notified Lake Charles Memorial Health System that they had been in their system for 12 days and had exfiltrated 270 GB of the hospital, employee, and patient data. As Hive informed the health system and DataBreaches, Hive had exfiltrated data but not locked it. They demanded $900,000 to…