Beth Treffeisen reports: A women’s gynecological clinic in Attleboro is suing a neighboring crisis pregnancy center, accusing it of hacking its confidential online portal and misleading patients to prevent abortion. Four Women Health Services alleges that Attleboro Women’s Health Center, also named Abundant Hope Pregnancy Resource Center, broke computer fraud, consumer protection, and wiretapping laws…
Category: Health Data
Late Discovery: CMS and Wisconsin Physicians Service Insurance Corporation notify 947k of last year’s MOVEit data breach
Susan Morse reports: The Centers for Medicare and Medicaid Services and Wisconsin Physicians Service Insurance Corporation are mailing written notifications to 946,801 people whose protected health information or other personally identifiable information may have been compromised in a cyber breach. A security vulnerability was found in MOVEit software, a third-party application used in the transfer…
Online AI Mental Health and Addiction Treatment Provider Exposed Patient Data
For your “no need to hack when it’s leaking” files: Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained thousands of records belonging to Confidant Health — an AI-powered platform offering mental health and addiction treatment. The database contained patient PII, psychosocial assessments including details about mental health or substance abuse,…
Under a quarter of rural hospitals are using White House’s free cyber resource program, official says
David DiMolfetta reports: Around 350 of some 1,800 small and rural U.S. hospitals are leveraging free and low-cost private sector cybersecurity resources that were marshaled by the White House this summer, a top White House cyber official said Tuesday. Deputy National Cyber Director for Cybersecurity and Emerging Technology Anne Neuberger provided the update at the…
Business Associate Agreements Matter: Demystifying the Perceived Simplicity of HIPAA Agreements
Shalyn Watkins of Holland & Knight writes: For most healthcare providers and businesses, signing a Business Associate Agreement (BAA) is a standard practice. When contracting to provide services with an entity governed by the Health Insurance Portability and Accountability Act (HIPAA), it is a requirement that the entity enter into a business associate contract, also…
How many times has Carespring Health Management been attacked since last year? (1)
In October 2023, Carespring Health Care Management was the victim of a ransomware attack. It was not announced on its website, but in November, Carespring was listed on the NoEscape ransomware gang’s site. At the time, the threat actors claimed they had encrypted Carespring’s files and exfiltrated 364 GB of files. The incident never appeared…