One of the most disturbing privacy and data security cases of the decade has come to an end of sorts. Rick Callahan of AP reports the update to a case first reported last year, but caution: this story may be triggering for some people. Indiana’s attorney general recommended no criminal charges or licensing actions Wednesday…
Category: Health Data
As 2020 draws to a close, it still takes too long to detect and notify patients of most breaches
The press release below the separator includes the kind of timeline that we often see in breach disclosures where an employee’s email account has been hacked. It continues to take many entities too long, in this blogger’s opinion, to detect breaches of their systems, then determine that PHI was involved, and then notify. In this…
EXCLUSIVE: Conti describes how they attacked Leon Medical Centers; shows DataBreaches.net almost 2 million patient-related files
I’ve always resisted any urge to write a “worst breaches of the year” piece at the beginning of December because I just know that if I do, there’s going to be something that would be on my “worst” list if only I had waited a few weeks. The Conti ransomware attack on Leon Medical Centers…
Antwerp laboratory becomes latest victim of cyber-attack
Alan Hope reports a ransomware attack on a laboratory that “handles about 3,000 Covid-19 tests a day, or about 5% of he national total. As such, it is the largest private lab in the country dealing with the Covid-19 crisis.” The attack took place on the General Medical Laboratory (AML) in the Antwerp district of…
Riverside Community Care notifies clients of October ransomware attack
On November 9, DataBreaches.net posted a commentary calling for patients to be notified sooner when their data had been stolen and dumped by ransomware threat actors. In the companion article to that post, Without Undue Delay, specific victims were listed with comments as to whether they had notified patients or not. One of those victims who…
What was just a hope a few years ago, is now a reality: more coordinated state AG actions investigating breaches
Those in the privacy law community will remember Danielle Citron’s seminal research on state attorneys general and their role in investigating privacy and data security breaches. I reported on that research back in June, 2016 on PogoWasRight.org. As those who are regular readers of this site know, there have been more announcements of multi-state settlements…