There’s an update to the litigation stemming from two UnityPoint Health phishing incidents that were discovered within months of each other in 2018. Part of the lawsuit was thrown out in 2019, but negligence claims were allowed to go forward. Not surprisingly, that seemed to result in a settlement. Jessica Davis reports: Iowa Health System,…
Category: Health Data
ZA: Hackers strike at Life Healthcare, extent of data breach yet to be assessed
I missed this one a few weeks ago, it seems. On June 9, CGTN Africa reported: South Africa’s Life Healthcare said on Tuesday its southern African operation was hit by a cyber attack affecting its admissions systems, business processing systems and email servers, but is yet to determine the extent to which data has been…
PH: Unauthorized disclosure of COVID-19 patients’ identities continues
Nikko Dizon reports: As the number of coronavirus cases in the Philippines steadily increased from mid-March to late May, the National Privacy Commission (NPC) had been investigating 22 complaints of privacy breaches involving more than 150 COVID-19 patients, as well as suspected and probable cases. In at least 7 of these cases, the breach was committed…
Magellan ransomware attack impacted multiple subsidiaries and affiliates (UPDATE 2)
On May 12, DataBreaches.net reported that Magellan Health was notifying an unspecified number of individuals as a result of a ransomware attack. At the time they wrote their notification letter, Magellan stated that investigators had found that a subset of data had been exfiltrated from a single corporate server. As explained in their first notification…
LifeLabs failed to protect the personal health information of millions of Canadians- Privacy Commissioners
In November, 2019, Canadian testing laboratory provider LifeLabs disclosed a data breach. In February, 2020, it tried to block regulators from accessing a report on the breach prepared for it by Crowdstrike. Today, the B.C. and Ontario privacy commissioners released their report on the incident. It was highly critical of LifeLabs. Knowing that the report…
If you needed yet one more example of the risks of PHI in employee email accounts
I’m not sure what it might take to get a real shift in how entities approach security of employee email accounts. Despite known risks of phishing and hacks, a tremendous amount of personally identifiable information (PII) and protected health information (PHI) resides in emails or email attachments in employee accounts. Read the following chronology provided…