Connor Lynch reports: The Belfast Trust is currently investigating a data breach at a mental health unit after pictures were taken of patients’ details through the window of an office. The incident took place at the Rathlin Outpatients ward of the Knockbracken Health Centre when someone entered the grounds and took pictures through an open…
Category: Health Data
UK: Provisional decision to impose £6m fine on software provider Advanced following 2022 ransomware attack
The following statement by the Information Commissioner’s Office concerns a devastating 2022 ransomware attack by LockBit3.0 on Advanced Computer Software Group (“Advanced”), an IT vendor for the UK’s National Health Service (NHS). Here is the ICO’s statement about Advanced: We have provisionally decided to fine Advanced Computer Software Group Ltd (Advanced) £6.09m, following an initial…
Six U.S. hospital breach reports from July; some have flown under the media radar (1)
Although DataBreaches does not report on all incidents involving U.S. healthcare entities, a log is kept to calculate statistics for the annual Breach Barometer report produced by Protenus, Inc. For the month of July, DataBreaches noted the following six U.S. hospitals disclosed breaches or were claimed as victims by threat actors. Some of these incidents…
Patient frustrated by Woodstock Hospital privacy breach
Lee Griffi reports on a hospital breach in Ontario: Woodstock Hospital officials have now released a few details about a reported privacy breach that occurred between January and May of this year. The hospital released a statement on social media late last week and has also sent letters to 56 patients who reportedly had their…
Why Did Change Health Lowball Its 1st Breach Report to Feds?
Marianne Kolbasuk McGee of HealthInfoSec poses a question about why Change Healthcare’s report to HHS indicated that 500 patients were affected when they already admitted that there were millions. Why use such a low placeholder instead of a higher number when it has been months since they discovered the breach and they must have some…
Cencora confirms patient health info stolen in February attack
Over on Bleeping Computer, Lawrence Abrams reports that Cencora confirmed that protected health information was involved in the February cyberattack in its recent SEC filing, As DataBreaches previously reported, a number of Cencora—-Lash Group’s clients disclosed that personal and protected health information (PHI) was involved when they sent out notifications to their patients in May…