Reuters reports: Indonesia is investigating a suspected security flaw in a COVID-19 test-and-trace app that left exposed personal information and the health status of 1.3 million people, a health ministry official said on Tuesday. Researchers from encryption provider (sic) vpnMentor said personal information in the Indonesia Health Alert Card (eHAC) app, often required to be used…
Category: Health Data
DuPage Medical Group notifying 600,000 patients that their personal information may have been compromised in cyberattack
Lisa Schencker reports: DuPage Medical Group is notifying 600,000 patients that their personal information may have been compromised during a July cyberattack. DuPage Medical Group, which is the state’s largest independent physicians group, experienced a computer and phone outage that lasted nearly a week in mid-July. The group worked with cyber-forensic specialists to investigate the incident and…
Quebec could make changes to vaccination passport after flaws in system exposed
CBC News reports: When Louis heard the province’s digital transformation minister say on Tuesday that quick response (QR) codes “cannot be falsified, modified or copied,” he took it as a challenge. “There’s always a flaw,” he said. “It’s just a matter of being patient enough to find it.” […] within six hours, Louis said he…
Pennsylvanians who had personal information exposed in contact tracing data breach no longer suing state
Rick Earle reports: The Pennsylvania Health Department has been dismissed from a federal lawsuit including Insight Global, the company responsible. Insight Global is now the only defendant named in that lawsuit. Target 11 broke the story in April that personal information of more than 70,000 Pennsylvania residents involved in COVID-19 contact tracing had been compromised. Insight Global blamed…
CareATC notifies patients, employees, and dependents after discovering employee email accounts compromised
The following is a press release: TULSA, Okla., Aug. 27, 2021 /PRNewswire/ — CareATC, Inc. (“CareATC”) recently discovered an incident that may have impacted the privacy of information related to certain patients, employees, and dependents of patients and employees. While CareATC is unaware of any attempted or actual misuse of information in relation to the incident, it is providing potentially affected…
California DOJ Must Be Notified About Breaches of the Health Data of 500 or More California Residents
HIPAA Journal reminds us all that states can require notification to the state of breaches that are also covered by HIPAA and can take enforcement action if they are not reported: Recently, there have been several instances where the California DOJ has not been notified about ransomware attacks on California healthcare facilities, even though the…