Delta County Memorial Hospital District (Delta Health) in Colorado was the victim of a cyberattack at the end of May 2024. Whatever happened — and the details still haven’t been disclosed — resulted in the provider notifying HHS on July 29 that it had suffered a breach, but the number was not yet known. The…
Category: Health Data
Cover-up Follow-up: Westend Dental starts notifying patients of October 2020 ransomware attack
In December, DataBreaches reported that the Indiana Attorney General’s Office had brought charges against Westend Dental for a number of HIPAA violations. The state had started investigating the dental practice after a patient complained about them not providing a copy of their records in response to a request. In looking into that complaint, the state…
Almost one year later, NorthBay Health notifies 569,012 people of breach of sensitive information
While some states are decreasing the amount of time entities have to notify the state or individuals of a breach, the reality is that many entities are nowhere near complying with even more lenient deadlines. HIPAA, for example, allows entities no more than 60 calendar days from discovery of a breach (the first day they…
Heart Centre Cyberattack in Australia, DragonForce Claims Responsibility for Sensitive Data Theft
SuspectFile reports: The healthcare sector continues to be a prime target for cybercriminal groups, with targeted attacks putting patient safety and medical information confidentiality at risk. The recent attack on Heart Centre, a network of cardiology clinics located in New South Wales, Australia, carried out by the DragonForce group, once again highlights the vulnerability of hospital IT…
Backdoor found in two healthcare patient monitors, linked to IP in China
Lawrence Abrams reports: The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device. Contec is a China-based company that specializes in healthcare technology, offering…
Exclusive: Apex Custom Software hacked, threat actors threaten to leak the software (1)
On January 20, the hackers known as 0mid16B tweeted, “At 7:40AM 20th Jan (US time), a US healthcare software provider has been hacked. All data in server has been deleted. 48 hours left before we publish all data.” The attached screenshot showed a listing of medications, but without any patient information attached. Two days later,…