Today’s reminder of the insider threat comes to us from the National Health Service in the U.K. Craig Meighan and Billy Gaddi report: A woman has been charged after Scots patients had their private medical records accessed during an NHS data breach. Reports suggest around 100 patients in NHS Lothian could have had their records…
Category: Health Data
Landmark civil penalty of AU$5.8 million issued under Australia’s Privacy Act
Charmian Aw, Melissa B. Levine, and Ciara O’Leary of Hogan Lovells write: On 9 October 2025 the Federal Court of Australia (the Court) imposed an AU$5.8 million civil penalty on Australian Clinical Labs Limited, one of Australia’s largest private hospital pathology service providers (the Company), for systemic failures that led to the unauthorised access to…
Safaricom-Backed M-TIBA Victim of a Possible Data Breach Affecting Millions of Kenyans
Linet Amuli reports: Kenya’s digital health sector is facing a major cybersecurity crisis after hackers claimed to have stolen a massive trove of personal and medical data from M-TIBA, a Safaricom-backed mobile health platform. The alleged breach, said to involve over 2.15 terabytes of information, could expose the records of up to 4.8 million users,…
Another plastic surgery practice fell prey to a cyberattack that acquired patient photos and info
Another plastic surgeon has become the victim of a cyberattack that involved patient information and photographs. On October 23, Michael R. Schwartz, MD, FACS, notified the California Attorney General’s Office that, on August 25, they became aware of remote, unauthorized access to one of their computers. Investigators found that an unauthorized party had accessed patient…
Two U.K. teenagers appear in court over Transport of London cyber attack
Neil Henderson reports: Two teenagers have appeared in court facing computer hacking charges in connection with last year’s cyberattack on Transport for London (TfL). Thalha Jubair, 19, from east London, and Owen Flowers, 18, from Walsall in the West Midlands, were charged with conspiring to commit unauthorised acts under the Computer Misuse Act. They appeared…
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Modernizing Medicine (“ModMed”) is a healthcare technology firm that provides Electronic Health Records (EHR) and practice management software to many HIPAA-covered entities. ModMed recently announced that on July 29, it discovered unauthorized activity in some of its computer servers. The servers in question contained data from some of ModMed’s podiatry clients, and the data was…