In the past year, we have seen a significant increase in the use of dedicated leak sites where ransomware threat actors post the names of victims and dump some of their data to pressure them to pay demanded ransom. In the U.S., HIPAA gives covered entities no more than 60 days from discovery of a…
Category: Health Data
UVM Hospital Network Hit by Cyber Attack Restoring Services
NECN reports: Computer experts at the University of Vermont Medical Center are working to restore systems disabled in a cyberattack that have hurt the hospital’s ability to provide some cancer treatments. Officials are working to expand the capacity to provide chemotherapy at the UVM Medical Center in Burlington to seven days per week and three…
Ca: 2 hard drives and documents with personal health info left behind during MLHU move
CTV reports: The Middlesex-London Health Unit (MLHU) is defending itself over a privacy breach earlier this year when papers and two computer hard drives containing personal information and personal health information were left behind at its former headquarters on King Street. It happened during the move to its new location inside Citi Plaza in the…
Mayo Clinic faces lawsuit in breach of patients’ health records
Not surprisingly, Mayo Clinic is facing a lawsuit over an insider-wrongdoing (snooping) breach that was disclosed last month. Jim Spencer reports: Patients whose medical records were improperly accessed by a former Mayo Clinic employee are attempting to mount a class-action lawsuit against the health care provider for failing to protect their sensitive personal data. The…
UK: ‘Thousands’ of people could have had personal details in cyber attack on Sandicliffe car dealership
For what… about 14 years now… I have pointed out how many non-medical entities hold sensitive medical information on consumers that may get caught up in breaches. Today’s example is out of the U.K., where Phoebe Ram reports: The bank account details and medical histories of ‘possibly thousands’ of people were stolen during a cyber…
Lawrence General Hospital notifying patients of breach
Lawrence General Hospital in Massachusetts is notifying patients of a breach that occurred in September. In their disclosure, LGH notes that on September 19, they discovered a “data security incident that disrupted the operations of our IT systems.” Their investigation determined that an unauthorized party “may have accessed its IT systems between September 9, 2020…