Jim Ruble writes: In January 2021, a nationwide mail-order pharmacy located in Massachusetts experienced a data breach. The pharmacy discovered the breach in May 2021 and investigated to determine its scope. Personally identifiable information (PII), including names and Social Security numbers for more than 75,000 customers, was breached. In February 2022, 9 months after the…
Category: Health Data
Patient death at London hospital linked to cyber attack on NHS
Rebecca Whittaker reports: The death of a patient has been linked to a cyber-attack on the NHS last year. Cyber criminals attacked two major NHS trusts causing more than 1,000 cancer treatment delays, 2,000 outpatient appointments to be cancelled and more than 1,000 operations postponed. King’s College Hospital NHS Foundation Trust said on Wednesday; a patient died during the cyber…
From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
More great reporting and analysis by Therese Defino of the Health Care Compliance Association (HCCA): A single incident that may have started as a personal vendetta or an extortion threat seven years ago has cost a Florida health care system $800,000, and comes on the heels of an unrelated breach suffered by a different hospital…
Marquette County Medical Care Facility discloses data breach
Marquette County Medical Care Facility (MCMCF) has issued a statement about a breach they discovered in March 2025. On March 3, 2025, MCMCF became aware of the business email compromise incident when contacts of MCMCF’s Human Resources director began receiving phishing emails from her Microsoft Office 365 (O365) account. The types of information involved included…
McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
On August 5, 2024, McLaren Healthcare became aware of suspicious activity affecting McLaren Health Care and Karmanos Cancer Institute computer systems. In an early statement about the incident, McLaren indicated that the attack affected IT systems across its 13 hospitals, cancer treatment centers, surgery centers, and clinics. In an August 12 update, McLaren reported that…
Aflac notifies SEC of breach suspected to be work of Scattered Spider
On June 20, Aflac notified the SEC of unauthorized access to its network: On June 12, 2025, Aflac Incorporated, a Georgia corporation (the “Company”), identified unauthorized access to its network. The Company promptly initiated its cybersecurity incident response protocols and believes that it contained the intrusion within hours. The Company’s business remains operational, and its…