There’s yet another update to the troubling case of Spyros Panos, who had been charged with stealing another physician’s identity to continue on his fraudulent way after losing his medical license for other crimes. A post on this site in 2018 provides some of the background and history. On October 30, the Southern District of…
Category: Health Data
Mercy Iowa City notifies 92,795 after discovering employee’s email account compromised
It started as so many breaches do — with the compromise of an employee’s email account. From May 15 until June 24, a threat actor accessed the account and used it to send spam and phishing emails. The breach was discovered on June 24. Mercy Iowa City’s investigation, assisted by a forensics security firm. ultimately…
NC: Alamance Skin Center breach left patient data totally unrecoverable
Alamance Skin Center recently reported a HIPAA breach to HHS as being a “Loss” incident with data in EMR. But previous media coverage provided an even more dire understanding of the incident. On November 4, Triad Business Journal reported that the medical practice, part of Cone Health, had been the victim of a ransomware attack. The…
Commentary: ‘You may be hacked’ and other things doctors should tell you
Maximilian Kiener is Research Fellow in Philosophy at the University of Oxford. And while I have been blogging about the need to promptly disclose to patients when patient data has been acquired or dumped by threat actors, Kiener has been writing about the need for doctors to expand our concept of what constitutes the kind…
Correction and Update: Mount Locker team denies responsibility for Sonoma Valley Hospital attack
On November 9, DataBreaches.net published “Without Undue Delay” which catalogued health sector ransomware attacks where attackers had dumped patient data as part of an attempt to pressure their victims into paying ransom. That report was a companion to a post arguing that patients need to be notified sooner of ransomware dumps than HIPAA’s 60-day window…
Delaware Division of Public Health Announces Data Breach Incident Involving COVID-19 Results
DOVER (Nov. 15, 2020) – The Delaware Division of Public Health (DPH) is announcing today that it is mailing letters to individuals who were impacted by a recent data breach incident and is providing information to the public regarding the incident. On September 16, 2020, the Department of Health and Social Services (DHSS) discovered that…