New York Attorney General Letitia James today announced an agreement between a bipartisan coalition of 41 attorneys general from around the nation and the Westchester County debt collection agency Retrieval-Masters Creditors Bureau, d/b/a American Medical Collection Agency (AMCA), that resolves a multistate investigation into the company’s 2019 data breach. The breach exposed the personal information —…
Category: Health Data
Walmart: Notice of Data Security Incident
On February 16, 2021, Walmart was informed by one of its suppliers that a data hosting service they used was compromised on January 20, 2021. An unauthorized party accessed the service and stole records from that service provider. Some of those records included information about a confined number of Walmart pharmacy patients. Walmart’s information systems…
How do you make a data breach even worse? You notify the victims that they are dead.
The headline says it all: Some Treasure Valley residents receiving letters from Saint Alphonsus saying they are dead The situation started routinely enough — an employee’s email account was compromised. In this case, the access was used to send out spam. Somehow, however, in the process of sending breach notifications, there was a mail merge…
Another hospital hit by ransomware in France, Spain’s public employment service hit with Ryuk, and China’s Cosco Shipping allegedly hacked by LORDBR
Another French hospital, Centre Hospitalier Général d’Oloron, has fallen victim to a ransomware attack. France Bleu reports (translation): The Oloron Sainte-Marie hospital (Pyrénées-Atlantiques) was the victim of a cyberattack on Monday March 8 in the early afternoon. No application works and a message asking for a ransom of $ 50,000 to be transferred to a…
Trillium Community Health Plan members impacted by Accellion breach
DataBreaches.net has found a second HIPAA-covered entity that has revealed that it was affected by the Accellion attack by CLOP threat actors. On February 25, Trillium Community Health Plan in Oregon disclosed that they had been notified by Accellion on January 25 of the cyberattack that impacted dozens of Accellion’s clients. In Trillium’s case, the…
Some UPMC St. Margaret patients’ info shared with unauthorized organization by now-former employee
Paul J. Gough reports that an employee of UPMC St. Margaret was fired after they sent a record to an unidentified outside organization that contained patient information. A March 5th statement on UPMC’s web site reveals that on August 8, 2020, UPMC first became aware of the inappropriate disclosure of a medication administration report to an…