How many data breaches can an entity have before either some regulator steps in with a corrective action plan or something happens to reduce the likelihood of more breaches? Consider the following: Breach # 1 On February 22, 2022, Minuteman Senior Services (MSS) identified suspicious activity related to an employee’s email account. According to the notification…
Category: Health Data
HHS Office for Civil Rights Settles Ransomware Cybersecurity Investigation for $500,000
A press release from HHS OCR today announces a settlement with Plastic Surgery Associates of South Dakota. In July 2017, DataBreaches reported that the entity was notifying 10,200 patients after a ransomware incident. Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Plastic Surgery…
Summit Pathology Laboratories notified 1.8 million patients of a breach. Less than 48 hours later, they were sued. (1)
On October 18, Summit Pathology and Summit Pathology Laboratories (“Summit”) in Colorado notified HHS of a breach affecting 1,813,538 patients. By October 21, personal injury law firms started reporting on the breach and recruiting potential plaintiffs. On October 22, Karen Alexander became aware that Summit had sent her and her family members notifications to their…
Albany ENT & Allergy Services settles state charges stemming from two patient data breaches; agrees to spend $2.25M on security program
In April 2023, DataBreaches reported two ransomware groups had each listed Albany ENT & Allergy Services (AENT) on their respective leak sites. But one month later, when AENT sent notifications to regulators and 224,486 affected employees and patients, its notification letter made no mention of any ransomware attack, any encryption of files, any ransom demands,…
Since June, two groups claim to have attacked The Eye Clinic Surgicenter. What do we know?
One cyberattack is distressing enough. But has The Eye Clinic Surgicenter been attacked by two different groups this year? Silence is not golden if patient data has already been leaked. Last week, Meow Leaks added The Eye Clinic Surgicenter in Montana to their leak site. Meow’s site indicates that is offering 59 GB of files…
Update to Change Healthcare breach
From HHS OCR: “On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach. ” As DataBreaches mentioned this morning on Infosec.Exchange, is that 100 million an interim update and we should expect another update with even bigger numbers, or is 100 million the total number…