Natalie Akoorie reports: The Waikato District Health Board was warned its IT security was inadequate and severely compromised just months before a massive ransomware attack that brought Waikato Hospital to its knees. The internal cyber security document dated December last year also warned that a lack of training meant staff posed an unintentional threat to…
Category: Health Data
NJ Acting AG Bruck Reaches Settlement with Two Printing Companies over Improper Disclosures of Protected Health Information
The following press release concerns breaches that occurred five years ago. NEWARK – Acting Attorney General Andrew J. Bruck and the Division of Consumer Affairs today announced that two printing companies have agreed to pay $130,000 in penalties and to implement new security policies to resolve allegations they violated the New Jersey Consumer Fraud Act (CFA)…
N.L. patient, employee data stolen in health-care cyberattack
Alex Kennedy reports: Hackers stole personal information connected to both patients and employees in the Eastern Health and Labrador-Grenfell Health regions of Newfoundland and Labrador’s health-care system as part of a recent cyberattack, according to officials. The information was accessed through the province’s Meditech data repository, which includes a patient information database as well as…
Some Florida Heart Associates data appears on dark web after ransomware attack earlier this year
In July, this site noted a May, 2021 ransomware incident that significantly impacted Florida Heart Associates. In July, they notified HHS that 45,148 patients were impacted. Now this week, we learned that it was Pysa threat actors who had attacked them, and they have now dumped some of the data. Pysa’s dump is a little…
Maxim Healthcare notifies patients of breach that occurred in October, 2020
On November 4, Maxim Healthcare Group, including Maxim Healthcare Services and Maxim Healthcare Staffing (collectively “Maxim Healthcare”) issued a press release about a breach — a press release they describe as issued “out of an abundance of caution.” That sounds like they had an option not to disclose. I would think that they were required…
Two providers in Colorado and Alabama report breaches, and a benefits administrator in Georgia also reports a cyberattack
The Urology Center of Colorado (TUCC) On September 8, TUCC detected an attack that began September 7. Their investigation revealed that patients’ name and one or more of the following data elements may have been date of birth, Social Security number, address, phone number, email address, medical record number, diagnosis, treating physician, insurance provider, treatment…