Zack Whittaker reports: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication (MFA), according to the chief executive of its parent company, UnitedHealth Group (UHG). UnitedHealth CEO Andrew Witty provided the written testimony ahead of a…
Category: Health Data
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach
Note: Marco A. De Felice (aka @amvinfe) has been doing some great investigative blogging on ransomware groups and incidents. If you’re not checking his SuspectFile site regularly, you are missing out on some of his exclusive reporting. De Felice’s recent coverage of Medusa’s attack on Northeast Ohio Neighborhood Health (NEON) begins: Another significant data breach…
All London Drugs stores closed across Western Canada due to “operational issue”
CTV News reports: All 79 locations of pharmacy and retail chain London Drugs are shut down Sunday, and there is no estimate on when they will be back open. A customer service representative told CTV News “all of our systems are down” and the stores are unable to process any transactions for the time being….
FTC Finalizes Changes to the Health Breach Notification Rule
The Federal Trade Commission today announced it has finalized changes to the Health Breach Notification Rule (HBNR) that will strengthen and modernize the rule by clarifying its applicability to health apps and other similar technologies and expanding the information that covered entities must provide to consumers when notifying them of a breach of their health…
Unsecured Health Genie bucket exposed almost 450,000 files with patient data — Cybernews
It is disgraceful that there are so many huge data leaks involving sensitive personal data, and yet here we are again. Cybernews reports: Health Genie, a healthcare IT solutions provider, left an open instance, exposing patients’ personal details as well as sensitive clinical data. The India-based healthcare solutions provider left an open Amazon S3 bucket,…
LivaNova to notify U.S. patients of October 2023 ransomware incident (1)
A press release from medical technology firm LivaNova PLC indicates that patients of LivaNova U.S. are being notified of a breach first disclosed in November of 2023. An investigation at the time indicated that their systems were first accessed without authorization on or around October 26, 2023, but it was not until April 10, 2024…