It was our nightmare realized: a medical center was completely paralyzed by a ransomware attack and someone died as a result (SEE UPDATE2 below for correction on that). As of last week, the University Clinic in Düsseldorf reported that it was in a state of emergency. Operations had been canceled, and ambulances had to be…
Category: Health Data
COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic
A snippet from the Executive Summary of a new report written by Robert Gellman and Pam Dixon: This report offers an analysis of existing laws and practices regarding both types of HIPAA COVID-19 waivers. The report recommends that, when the current emergency subsides, the Secretary of HHS review in a systematic way the privacy, security,…
SunCrypt ransomware threat actors claim theft of University Hospital New Jersey files
Ax Sharma reports: University Hospital New Jersey (UHNJ) has suffered a massive data leak with over 48,000 documents floating on the dark web. An anonymous tip sent to BleepingComputer shows the different types of documents found in the leaked data dump. Read more on BleepingComputer, who provide a lot of redacted screenshots from a data dump…
UK: Over 18K COVID-19 Patients’ Data Mistakenly Exposed by NHS Trust
David Bisson reports: A National Health Service (NHS) Trust revealed that it had mistakenly uploaded the personal information of over 18,000 people who had previously tested positive for coronavirus 2019 (COVID-19). On September 14, Public Health Wales announced in a web statement that the data breach had occurred back on the afternoon of August 30, 2020. Read…
Ca: Multiple Penalties Issued to Individual Convicted of Health Information Breaches
September 10 — A former medical clinic employee pleaded guilty on Wednesday, Sept. 2 to breaching the health information of several individuals in contravention of the Health Information Act (HIA). Olivia Franc was fined $6,000, given three years probation including not being able to access health information, and is required to complete 180 hours of community…
Interim Report on the Blackbaud Breach: 3.4 Million Patients and Counting
The Blackbaud ransomware incident disclosed on July 16 will likely end up being the largest or one of the largest breaches of the year involving patient information. I’ve been reading disclosures from dozens of entities and have compiled a list of those Blackbaud clients whose disclosures state or suggest that Blackbaud had been storing some…