There’s an update to another distressing “shoot-the-messenger” story where a journalist was arrested for simply reporting on a breach that the government denied (previous background). Now Railly News reports: The incident was first brought to the agenda by journalist İbrahim Haskoloğlu in 2022. Haskoloğlu was subsequently arrested after reporting that citizens’ personal data had been…
Category: Health Data
Atrium apologizes after employees fall for phishing attack; patient info may have been exposed
Chase Jordan reports: Atrium Health is apologizing publicly and notifying patients who may have been impacted by a malicious email sent to employees in April, the company announced Friday. Social Security numbers may have been among the personal information exposed to the criminals, Atrium said. An unauthorized third party gained access to a group of…
Proposed $65 million Lehigh Valley Health Network data breach settlement may compensate some victims $80,000
In 2023, a ransomware attack against Lehigh Valley Health Network by AlphV (BlackCat) involved the threat actors leaking nude photos of some cancer patients. In reporting on one of the first class action lawsuits launched against LVHN, DataBreaches pointed out how significant this situation and litigation might be, in part, because of the nude photos…
Attleboro crisis pregnancy center stole data, tricked patients, lawsuit alleges
Beth Treffeisen reports: A women’s gynecological clinic in Attleboro is suing a neighboring crisis pregnancy center, accusing it of hacking its confidential online portal and misleading patients to prevent abortion. Four Women Health Services alleges that Attleboro Women’s Health Center, also named Abundant Hope Pregnancy Resource Center, broke computer fraud, consumer protection, and wiretapping laws…
Late Discovery: CMS and Wisconsin Physicians Service Insurance Corporation notify 947k of last year’s MOVEit data breach
Susan Morse reports: The Centers for Medicare and Medicaid Services and Wisconsin Physicians Service Insurance Corporation are mailing written notifications to 946,801 people whose protected health information or other personally identifiable information may have been compromised in a cyber breach. A security vulnerability was found in MOVEit software, a third-party application used in the transfer…
Online AI Mental Health and Addiction Treatment Provider Exposed Patient Data
For your “no need to hack when it’s leaking” files: Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained thousands of records belonging to Confidant Health — an AI-powered platform offering mental health and addiction treatment. The database contained patient PII, psychosocial assessments including details about mental health or substance abuse,…