I have no doubt that numerous sites will start generating “lessons learned” or “five takeaways” from the Blackbaud breach — if they haven’t done so already. And perhaps one of the consequences of this mega-breach needs to be a discussion of whether some entities are unnecessarily giving their fundraising arms or business associates too much…
Category: Health Data
Ca: Regina clinic failed to notify patients of privacy breach, says commissioner
Mark Melnychuk reports: An investigation by Saskatchewan’s privacy commissioner found that a Regina medical clinic did not notify patients when a doctor’s dictation machine containing personal health information went missing a year ago. According to the report filed on Sept. 15, Saskatchewan Information and Privacy Commissioner Ronald J. Kruzeniski wrote that his office was notified…
PA: Geisinger Berwick notifying hundreds of patients after firing employee for improper access to records
Geisinger Berwick is notifying more than 700 patients whose patients’ records were accessed without justification by a now-former employee. As first reported by Times Leader, the improper access began in June 2019 and would likely still be continuing were it not for an employee that reported their concern about the employee’s actions to the clinic…
Did ransomware threat actors hit a German medical clinic by mistake? Either way, someone died as a result.
It was our nightmare realized: a medical center was completely paralyzed by a ransomware attack and someone died as a result (SEE UPDATE2 below for correction on that). As of last week, the University Clinic in Düsseldorf reported that it was in a state of emergency. Operations had been canceled, and ambulances had to be…
COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic
A snippet from the Executive Summary of a new report written by Robert Gellman and Pam Dixon: This report offers an analysis of existing laws and practices regarding both types of HIPAA COVID-19 waivers. The report recommends that, when the current emergency subsides, the Secretary of HHS review in a systematic way the privacy, security,…
SunCrypt ransomware threat actors claim theft of University Hospital New Jersey files
Ax Sharma reports: University Hospital New Jersey (UHNJ) has suffered a massive data leak with over 48,000 documents floating on the dark web. An anonymous tip sent to BleepingComputer shows the different types of documents found in the leaked data dump. Read more on BleepingComputer, who provide a lot of redacted screenshots from a data dump…