It appears that AspenPointe, a Colorado provider of outpatient and inpatient crisis ,mental health, substance abuse, and behavioral services across the lifespan, is notifying employees and clients of a cyberattack that resulted in exfiltration of data. In a notice on their web site, which appears addressed more to employees than clients, they write: As you…
Category: Health Data
Investigation launched after hundreds of confidential patient details from Lloyd Pharmacy were sent to a woman in the post
Jessica Sansome reports: A woman received a parcel from Lloyds Pharmacy containing hundreds of prescription records – exposing confidential patient information. She believes the box from Lloyds Pharmacy was meant to be delivered to NHS prescriptions services in Bolton, Greater Manchester. Read more on Manchester Evening News.
Canadian soldier claiming $60,000 in damages from armed forces after they spread his medical information: lawsuit
Christopher Nardi reports: A Canadian soldier is suing the armed forces for $60,000 in damages after enduring “harassment”, “emotional pain and suffering” when colleagues and superiors allegedly spread confidential information about a “medical crisis” he suffered last year. When Master Warrant Officer Gregory Boucher suffered a medical emergency at his home on Canadian Forces Base…
Personal data of 16 million Brazilian COVID-19 patients exposed online by Albert Einstein Hospital employee error
Today’s example of “no need to hack if it’s leaking,” Catalin Cimpanu reports: The personal and health information of more than 16 million Brazilian COVID-19 patients has been leaked online after a hospital employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems on GitHub this month. Among the systems that had credentials…
Service provider to fertility clinics discloses malware attack
A press release from US Fertility (“USF”) follows. The Center for Fertility and Gynecology in California is not listed among USF entities in the press release. I mention that because the Center for Fertility and Gynecology still has not posted anything on their site or issued any press release about a ransomware attack that NetWalker…
Fairchild Medical Center server was exposing patient information for 4.5 years until a security firm alerted them
Ugh. Fairchild Medical Center had a misconfigured server exposing PHI from December 16, 2015 until they were alerted to the problem in late July by an unnamed security company who discovered the exposure. Here’s their press release, below. Note that this does not (yet) appear on HHS’s breach tool. YREKA, Calif., Nov. 25, 2020 /PRNewswire/ — In…