For initial coverage, read this post. Updates: A threat actor, “Twister Canyon,” claims that MCG Health has made false claims about the incident. Their claims can be found in the Comments section under the original post. MCG Health was asked to respond to their claims but have not replied as of this June 14 posting….
Category: Health Data
OCR Presents: Recognized Security Practices Video Presentation
The HHS Office for Civil Rights (OCR) is producing a pre-recorded video presentation for HIPAA covered entities and business associates (regulated entities) on “recognized security practices,” as set forth in Public Law 116-321 (Section 13412 of the Health Information Technology for Economic and Clinical Health Act (HITECH). The statute requires OCR to take into consideration…
Choice Health Insurance notifying people after vendor error resulted in a data breach
On June 8, Choice Health Insurance began notifying people of a data breach caused by human error. According to their notification to the California Attorney General’s Office, they learned on May 14 that an unauthorized person was “offering to make available data allegedly taken from Choice Health.” In actuality, on May 9, the data had…
Yuma Regional Medical Center notifying approximately 700,000 patients of ransomware attack
KYMA reports: Yuma Regional Medical Center (YRMC) said it mailed letters to thousands of patients whose information may have been involved in a recent cybersecurity incident. On April 25, 2022, YRMC identified a ransomware incident affecting some internal systems. Upon detecting the incident, YRMC shared with News 11 it took immediate action, taking systems offline,…
WA: MCG Health notifies patients and health plan members of data breach (updated)
Seattle-based MCG Health, LLC (“MCG”) provides patient care guidelines to providers and health care plans. According to a notice on their website that was also issued as a press release yesterday, on March 25, 2022, they determined that an unauthorized party had previously obtained personal information about some patients and members of certain MCG customers….
Data breach lawsuits settle: UPMC vendor and a holding company for department stores
Two potential class action lawsuits involving data breaches have reportedly settled. One awaits final approval in October, but the other settlement is already final. University of Pittsburgh Medical Center data breach $450K class action settlement During April to June 2020, Charles J. Hilton PC (CJH), a firm hired by UPMC for billing services, allegedly suffered…