Health Data – Page 19 – DataBreaches.Net

No need to hack when it’s leaking, Canadian edition: Care1

Posted on December 12, 2024December 12, 2024 by Dissent

Jeremiah Fowler discovered a non-password-protected database that contained more than 4.8 million records belonging to Care1 — a Canadian company offering AI software solutions to support optometrists in delivering enhanced patient care: The publicly exposed database was not password-protected or encrypted. It contained over 4.8 million documents with a total size of 2.2 TB. In a…

Hong Kong Privacy Commissioner’s Office Publishes Investigation Findings on the Electrical and Mechanical Services Department Data Breach

Posted on December 10, 2024December 10, 2024 by Dissent

December 9 enforcement action by the Privacy Commission of Hong Kong: Data Breach Incident of the Electrical and Mechanical Services Department (EMSD) The investigation arose from a data breach notification submitted by the EMSD to the PCPD on 1 May 2024, reporting its suspicion that the personal data of members of the public in its possession was…

HHS OCR settles charges that Inmediata Health Group exposed 1.6 million patients’ PHI online

Posted on December 10, 2024 by Dissent

The following announcement by HHS OCR stems from an accidental exposure of protected health information online that continued for several years. Inmediata’s incident resulted in a class action lawsuit that was settled for $1.1 million in 2022, and a settlement with 33 states for $1.14 million in 2023. HHS seems to be the first to…

Hudson Valley Health Care Facility Operator Fined $1.4M for Failing to Protect Patient Data; $850,000 suspended

Posted on December 10, 2024 by Dissent

Once again, we see a state attorney general taking data protection enforcement action against a healthcare entity when HHS hasn’t. The incident referred to below was reported to HHS’s public breach tool in December 2023, but there is no notation that any HHS investigation into it has been closed. From the NYS Attorney General’s Office,…

Watsonville Community Hospital still dealing with November cyberattack

Posted on December 8, 2024December 8, 2024 by Dissent

Watsonville Community Hospital in California is continuing to work through what they refer to as a cyberattack on November 29. The hospital’s network has been offline since then with staff reverting to “downtime” procedures using paper. The hospital has been able to continue to provide emergency, inpatient, and outpatient care but alerts patients that there…

Anna Jaques Hospital notifies 316,300 people about 2023 ransomware attack

Posted on December 7, 2024 by Dissent

On Christmas, December 2023, Anna Jaques Hospital (AJH) in Massachusetts was grappling with a cyberattack that knocked out their EHR system and resulted in them having to divert ambulances to other area hospitals. On January 23, they posted a preliminary website notice (archived) about the attack. That notice was posted four days after threat actors…