OSF HealthCare System (“OSF”) is mailing letters to its patients advising them of the Blackbaud ransomware incident that has already impacted more than 10 million other patients. OSF’s statement doesn’t reveal when Blackbaud first notified them, but they report that On August 20, 2020, OSF’s investigation and review of the Blackbaud database involved in the…
Category: Health Data
MI: Dickinson County Healthcare System responding to malware attack
Alyssa Jawor reports: The Dickinson County Healthcare System is in the process of a confidential investigation and recovery after the hospital had a ransomware attack on Saturday. A written statement provided to TV6, from the hospital says, ‘DCHS is in the process of responding to a recent security incident involving malicious software (commonly known in…
Passavant Memorial Homes Family of Services notifies 25,000 after someone alerts them to vulnerability
I’ve just read a breach notification from an incident that was reported to HHS as impacting 25,000. Reading it, it sounds like someone tried to tip the entity that they had a vulnerability and the tipster provided proof. But then their investigation couldn’t definitively prove that no data had ever been accessed or exfiltrated or…
Misconfigured cloud storage bucket exposed Pfizer drug safety-related reports — researchers
For lo, these many years, DataBreaches.net has been reminding everyone that not all leaks or breaches involving medical or sensitive personal health information are covered by HIPAA. Today’s story is a reminder of that. vpnMentor recently contacted DataBreaches.net about a leak their research team, led by Noam Rotem and Ran Locar, had discovered. The leak…
Ransomware Attack on a Major Health Tech Firm Slows Down Several COVID-19 Clinical Trials
Alicia Hope reports: A ransomware attack targeting medical technology firm slowed down clinical trials for the past two weeks, according to the New York Times. The attack targeted a Philadelphia company that develops software for clinical trials, including the crash effort to develop rapid coronavirus tests, treatment, and the vaccine. The attack on eResearch Technology forced…
California AG Settlement Suggests Privacy and Security Practices of Digital Health Apps May Provide Fertile Ground for Enforcement Activity
Libbie Canter, Anna D. Kraus, and Rebecca Yergin of Covington & Burling write: California Attorney General Xavier Becerra (“AG”) announced in September a settlement against Glow, Inc., resolving allegations that the fertility app had “expose[d] millions of women’s personal and medical information.” In the complaint, the AG alleged violations of certain state consumer protection and privacy laws, stemming from privacy…