The Office of Inadequate Security
The following statement by the Information Commissioner’s Office concerns a devastating 2022 ransomware attack by LockBit3.0 on Advanced Computer Software Group (“Advanced”), an IT vendor for the UK’s National Health Service (NHS). Here is the ICO’s statement about Advanced: We have provisionally decided to fine Advanced Computer Software Group Ltd (Advanced) £6.09m, following an initial…
Although DataBreaches does not report on all incidents involving U.S. healthcare entities, a log is kept to calculate statistics for the annual Breach Barometer report produced by Protenus, Inc. For the month of July, DataBreaches noted the following six U.S. hospitals disclosed breaches or were claimed as victims by threat actors. Some of these incidents…
Lee Griffi reports on a hospital breach in Ontario: Woodstock Hospital officials have now released a few details about a reported privacy breach that occurred between January and May of this year. The hospital released a statement on social media late last week and has also sent letters to 56 patients who reportedly had their…
Marianne Kolbasuk McGee of HealthInfoSec poses a question about why Change Healthcare’s report to HHS indicated that 500 patients were affected when they already admitted that there were millions. Why use such a low placeholder instead of a higher number when it has been months since they discovered the breach and they must have some…
Over on Bleeping Computer, Lawrence Abrams reports that Cencora confirmed that protected health information was involved in the February cyberattack in its recent SEC filing, As DataBreaches previously reported, a number of Cencora—-Lash Group’s clients disclosed that personal and protected health information (PHI) was involved when they sent out notifications to their patients in May…
From OneBlood: OneBlood, the not-for-profit blood center serving much of the southeastern United States is experiencing a ransomware event that is impacting its software system. OneBlood is working closely with cyber security specialists, and also federal, state and local agencies as part of their comprehensive response to the situation. “OneBlood takes the security of our…