From the Office of Information Security / HHS and the Health Sector Cybersecurity Coordination Center: Data Exfiltration Trends in Healthcare March 9, 2023
Category: Health Data
Bone & Joint Clinic reports “network disruption” caused HIPAA breach of employee and patient information
Update of March 16: This was reported to HHS as affecting 105,094 patients. Bone & Joint has not replied to DataBreaches’ inquiry as to whether this was a ransomware incident or not. The Bone & Joint Clinic in Wisconsin has notified current and former employees as well as current and former patients of a data…
3,400 death registry records accessed in Hawaii Department of Health data security breach
We do not see many breach notifications from Hawaii, but KHON made us aware of this reminder to disable access when an external employee terminates employment: HONOLULU, HI – The Hawai‘i Department of Health (DOH) will send out notification letters regarding unauthorized access to the DOH Electronic Death Registry System (EDRS), by the end of…
Capitol Hill data breach more ‘extensive’ than previously known
Sean Lyngaas reports: A sweeping cybersecurity breach of congressional members’ private information was more extensive than previously known and affects not only House lawmakers and their staff but also Senate employees. The Senate sergeant-at-arms alerted Senate staff about the breach Thursday in an email obtained by CNN. The compromised data is “extensive,” and includes sensitive data such…
Cerebral Inc. notifying 3,179,835 patients of tracking technologies breach
Cerebral Inc. has notified HHS of a breach affecting 3,179,835 individuals. They are the latest entity to report a breach due to exposing personal or protected health information data through tracking analytics. According to April Strauss, Esq.: On March 6, 2023, Cerebral began sending emails to users of its platforms, admitting that it uses pixels…
Asante Notifies More than 8,800 Patients Whose Records Appeared to Be Inappropriately Accessed by a Physician
Asante provides healthcare services in southern Oregon and northern California. On February 28, it issued a notice about an insider-wrongdoing incident. As they describe it on their site, they became aware of a concern that a doctor with admitting privileges, Dr. Paul Hoffman, may have accessed a number of patients’ records without a valid clinical…