On Oct. 25, the Hive ransomware team notified Lake Charles Memorial Health System that they had been in their system for 12 days and had exfiltrated 270 GB of the hospital, employee, and patient data. As Hive informed the health system and DataBreaches, Hive had exfiltrated data but not locked it. They demanded $900,000 to…
Category: Health Data
“No need to hack when it’s leaking:” the “Here’s how you get a HIPAA complaint” edition
So… regular readers know that DataBreaches has occasionally reported on data security incidents in the healthcare sector that involved leaks due to misconfigurations of GitHub repositories, storage buckets, open directories, etc. Not all of this site’s attempts to disclose leaks responsibly have gone smoothly, as described in a collaborative paper written with Dutch researcher Jelle…
St. Rose Hospital patient data appears on hacking forum (UPDATE1)
On December 20, a listing appeared on a popular forum that offered documents allegedly from St. Rose Hospital in Hayward, California. The listing was not a sales listing but rather a “demo data pack” listing of what was described as documents from a leak. The total leak allegedly contains 1.7 TB of files with: Financial…
Ca: Doctor’s records improperly disposed
Patient records from a newly closed medical practice were not properly disposed of the privacy commissioner has ruled. Dr. Lalita Malhotra, who retired earlier this year, failed to have all records shredded by a company that deals in secure shredding and some ended up whole in a recycling facility. “Dr. Malhotra states that she accepts…
SickKids reports ‘cybersecurity incident’ affecting some phone lines and web pages
The Canadian Press reports: Toronto’s Hospital for Sick Children says it’s responding to a “cybersecurity incident” affecting some of its phone lines, web pages and clinical systems. The hospital says all patient care continues and there is currently no evidence that personal health information has been compromised. SickKids says it called the hospital code for…
Morley Companies data breach $4.3M class action settlement
Top Class Actions reports: Morley Companies Inc. has set aside $4.3 million to settle a class action lawsuit following a ransomware attack that compromised data from its clients and customers. The settlement class, which has been directly notified of the settlement, is defined as U.S. residents whose data was compromised during the data incident the…