Is there anyone who thinks this timeline/delay to notification is just fine? On July 17, 2020, Acacia determined that an unauthorized person gained access to certain employee email accounts for a limited time between June 6, 2020 and June 12, 2020. Their investigation was inconclusive as to whether anyone accessed the emails and attachments in…
Category: Health Data
PA lawmaker wants state to review entire process that led to company’s contact tracing data breach
Rick Earle reports: A state lawmaker has requested the auditor general review the entire process that led to the awarding of that $30 million contract with Insight Global to do contact tracking in Pennsylvania. State Rep. Jason Ortitay, a Republican from Bridgeville, told Target 11 Investigator Rick Earle that this may be the only way…
Monongalia Health System hacked again? Second incident report in one year.
Monongalia Health System in West Virginia issued a press release this week about a data breach that impacted patients, employees, and contractors. It was the second incident reported by them in a one-year period. But was this incident unrelated to the first incident or related to it? It’s not yet clear, let’s back up to…
Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
I’ve occasionally seen evidence that one victim was hit by more than one group or threat actor, but Sophos provides the most detailed reporting I’ve ever seen on one such incident. Sean Gallagher takes us through the saga that impacted a healthcare provider in Canada hit by two separate ransomware groups — Karma and Conti….
JDC Healthcare Management issues second press release about malware incident last summer
On October 7, JDC Healthcare Management (Jefferson Dental Care) issued a press release concerning a malware incident discovered in August. At the time, they notified HHS that 501 patients were affected — a number that typically means “We know it’s more than 500 but we don’t have an exact count yet.” Today, they issued a…
LA: Spine Diagnostic & Pain Treatment patient files show up on ransomware site
It looks like we may need to add Spine Diagnostic & Pain Treatment to our list of medical entities hit by ransomware groups. Conti Team added the Louisiana provider to their leak site earlier today, dumping 3,351 files that they claim represent 30% of all the files they exfiltrated. Inspection of the files, which compromised…