Mike Tweed reports: Whanganui District Health Board has apologised for a privacy breach that accidentally disclosed the email addresses of about 200 people. The health board has been inviting people in Group 3 for their Covid-19 vaccine via text, letter and email, but last week an email was sent without the use of the blind…
Category: Health Data
Spanish King’s health info exposed due to vulnerability in COVID certificate portal
Katie Harris reports: King Felipe VI of Spain’s health data has been exposed in a security breach, insiders fear. The royal was among thousands affected by the computer security failure of the Madrid health system. The breach meant people’s private data such as their telephone number, social security number and address could be accessed by…
HHS warns health systems of PACS security vulnerabilities — again
Mike Miliard reports: The U.S. Department of Health and Human Services is warning hospitals and health systems that a security vulnerability in picture archive communication systems, first discovered two years ago, is a problem that needs fixing now. WHY IT MATTERS In 2019, cyber researchers found a flaw in some PACS that, if exploited, could…
The Waikato DHB breach: What do NZ regulations consider reasonable security?
DataBreaches.net reports on breaches from many countries, including New Zealand. On my companion site, PogoWasRight.org, I’ve posted approximately 200 news stories about privacy incidents there, their privacy laws, and decisions by their privacy commissioner. And on this site, I’ve posted almost 200 more articles about breaches impacting New Zealand. But when the Waikato District Health…
PracticeFirst notifies patients and employees after ransomware incident
Yesterday, Professional Business Systems, Inc. d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp., a medical management company that processes data for health care providers, issued a press release about an incident that occurred last year. From their release: What Happened? On December 30, 2020, We learned that an unauthorized actor who attempted to deploy…
NY: “Grief” claims to have breached Rehabilitation Support Services
A rehabilitation and support services agency that provides services to more than 3,000 individuals with psychiatric and substance abuse disorders each year has been the victim of a cyberattack by threat actors call themselves “Grief.” Rehabilitation Support Services, Inc. (RSS) operates in 13 upstate New York counties through 5 service divisions. According to their web…