The Finnish Government has decided on measures to help victims of identity theft and to improve personal identity protection. The Ministry of Social Affairs and Health will firstly ensure that the victims of the data breach at Psychotherapy Centre Vastaamo continue to receive the necessary psychosocial and other support. Support will continue to be provided…
Category: Health Data
OCR Settles Eleventh Investigation in HIPAA Right of Access Initiative
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces its eleventh settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access to their health records at a reasonable…
Breach Lawsuit Spotlights Complex Vendor Issues
Marianne Kolbasuk McGee reports on a lawsuit that stems from a breach first reported on this site in March, 2019. She reports: A medical device maker has sued an IT vendor in the wake of an email server migration mishap that exposed the health data of more than 277,000 individuals. The case illustrates the complexities…
Damien Bancal
Damien Bancal reports (translation follows): I revealed to you, last November 3, the announced piracy of the pharmaceutical laboratory Expanscience (Mustela…). A second cyberattack, in four months, posted by a group of ransomware operators. After Maze, Egregor explained that he had invited himself to the company’s IT. On November 9, I discovered that the Bailly Creat lab, a French pharmaceutical laboratory specializing…
Eight months after ransomware attack, Advanced Urgent Care of Florida Keys notifies patients
On March 14, DataBreaches.net reported that Advanced Urgent Care of the Florida Keys had been attacked, and patient data dumped. The data dump had been listed on a Russian-language forum known for data dumps, and the threat actor, then known as “m1x,” called the medical group “Malicious Defaulters” because they wouldn’t pay to prevent data…
Patients need to be notified sooner of ransomware dumps
In the past year, we have seen a significant increase in the use of dedicated leak sites where ransomware threat actors post the names of victims and dump some of their data to pressure them to pay demanded ransom. In the U.S., HIPAA gives covered entities no more than 60 days from discovery of a…