Those in the privacy law community will remember Danielle Citron’s seminal research on state attorneys general and their role in investigating privacy and data security breaches. I reported on that research back in June, 2016 on PogoWasRight.org. As those who are regular readers of this site know, there have been more announcements of multi-state settlements…
Category: Health Data
FL: Agency for Community Treatment Services, Inc. Notification of Ransomware Attack
Press release: TAMPA, Fla., Dec. 24, 2020 /PRNewswire/ — The Agency for Community Treatment Services, Inc. (“ACTS”) announced today that it has taken action after learning of a data security incident which may have compromised the personal information and/or protected health information of patients who received care from ACTS from 2000 through 2013. ACTS began providing notice…
UK: Transform Hospital Group falls prey to ransomware attack
Plastic surgery groups continue to be an attractive target for threat actors, and this week we learned that Transform Hospital Group in the U.K. has been attacked by REvil (Sodinokibi) ransomware threat actors. As proof, the REvil posted some screen shots of directories (a portion of one appears below). In a post on their dark…
Leon Medical Center confirms ransomware attack, credits employees and staff with providing quality care despite attack
One of the medical entities recently identified as a victim of a ransomware attack is Leon Medical Centers (LMC) in Florida. Founded in 1996, LMC expanded over the years into a comprehensive outpatient healthcare system that includes seven medical centers among other healthcare services. LMC offers a range of services to Medicare patients as well…
FR: Albertville hospital victim of ransomware attack
Justine Leblond reports (translation): Since 4 am, this Monday, December 21, the Center Hospitalier Albertville-Moûtiers (CHAM) has been the victim of a cyber attack. Several sites are affected: the two branches in Albertville and Moûtiers, as well as the EHPAD and the Claude Léger and Les Cordeliers long-term care units. Several equipment, servers, software and part of the…
Proliance Surgeons, Inc. Notifies Customers of Data Security Incident
Why are they calling them “customers” and not “patients?” I’m confused by this press release, below. Were these payment cards the patients’ payment cards/payment info? If so, it’s still protected health information of patients. I’ve reached out to the entity to request clarification. Update: A spokesperson says that the payment cards were not the patients’…