The Office of Inadequate Security
As an update to the Florida Department of Health ransomware attack reported yesterday: On July 2, threat actors known as Ransom Hub had claimed to have exfiltrated 100 GB of files from the state agency. They threatened to leak it if the state did not pay their demands, but Florida law prohibits state agencies from…
On August 17, 2023, SouthCoast Medical Group (Southcoast Health) in Georgia notified HHS of a breach and posted a preliminary substitute notice on its website. At the time, they reported to HHS that 501 patients were affected, a marker for when an entity doesn’t yet know the actual number but knows it will be more…
Lawrence Mower, Romy Ellenbogen, and Christopher O’Donnell report: A hacker group claims it has breached the Florida Department of Health and gained access to a large amount of potentially sensitive data on Floridians. The RansomHub ransomware group said in a post on the dark web that it will release 100 gigabytes of department data unless the…
Lorenzo Franceschi-Bicchierai reports: On Tuesday, health tech services provider HealthEquity disclosed in a filing with federal regulators that it had suffered a data breach, in which hackers stole the “protected health information” of some customers. In an 8-K filing with the SEC, the company said it detected “anomalous behavior by a personal use device belonging…
As DataBreaches recently reported, in June 2023, SysInformation Healthcare Services d/b/a EqualizeRCM discovered a ransomware attack. One year later, we still don’t know how many clients and patients were affected. But SysInformation wasn’t the only entity that suffered a ransomware attack in June 2023 that hadn’t sent notifications by now. Florida Community Health Centers (FCHC)…
In April 2023, Brightside Health, Inc. reported a breach to HHS that affected 767 patients. The incident was coded as “unauthorized access/disclosure” of information located in “EMR, other.” HHS’s closing statement on the public breach tool described the incident this way: The covered entity (CE), Brightside Health, reported that an unauthorized individual accessed the protected…