Marianne Kolbasuk McGee reports: More than 100 medical associations and industry groups representing tens of thousands of U.S. doctors and healthcare professionals have banded together to urge federal regulators to hold Change Healthcare responsible for breach notifications related to a massive February ransomware attack. The groups in a letter Monday asked the U.S. Department of Health and…
Category: Health Data
Superior Air-Ground Ambulance Service notifies more than 850,000 patients of cyberattack last year
Superior Air-Ground Ambulance Service, Inc. {“Superior”) has locations in five states: Illinois, Indiana, Ohio, Michigan, and Wisconsin. On May 10, they notified HHS of an incident affecting 858,238 patients. A notice on their website explains that they discovered unusual activity in their network in May 2023. “On June 23, 2023, the investigation determined that an…
Tx: CentroMed discloses a second data breach within one year (UPDATE 1)
In August 2023, El Centro Del Barrio (“CentroMed”) reported a breach that affected 350,000 patients. The incident, which had been claimed by Karakurt threat actors in June, involved patients’ names, addresses, dates of birth, Social Security numbers, financial account information, health insurance plan member IDs and claims data. A check of Karakurt’s leak site today…
HHS launches $50M security initiative to thwart hospital ransomware
Chad Van Alstin reports: The U.S. Department of Health and Human Services (HHS) is launching a $50 million incentive program to encourage hospitals to improve their cybersecurity. Dubbed the Universal Patching and Remediation for Autonomous Defense—or UPGRADE—program, the initiative aims to speed up vulnerability detection and patch deployment through the creation of a platform that…
Mosaic Mental Health notifies patients of breach
On September 25, 2023, Riverdale Mental Health d/b/a Mosaic Mental Health (“MOSAIC”) notified HHS of an incident that affected 7,281 patients. The incident was coded as a “hacking/IT incident” involving their network, but no further details were available at the time. On April 3, more than six months later, they sent out notification letters. Massachusetts…
Cyberattack fallout: Ascension and DocGo troubles ricochet
Andrea Fox reports: DocGo, an ambulatory and remote patient monitoring provider in the U.S. and U.K. filed a notice on May 7 with the U.S. Securities and Exchange Commission over U.S. patient data breached in a recent cyberattack. “As part of its investigation, the company has determined that the threat actor accessed and acquired data,…