In August, 2019, this site reported on an incident at NCH Healthcare in Florida. At the time, it was not clear whether patient data was impacted in the phishing incident. The entity had become aware of suspicious activity on June 14, but by mid-August, there was no report on HHS’s public breach or detailed disclosure….
Category: Health Data
NY: East House Provides Notice Of Data Privacy Event
East House is a private, nonprofit agency in Rochester, New York that serves individuals with persistent mental illness and/or substance use disorder. Yesterday, they issued a press release about a breach: ROCHESTER, N.Y., Feb. 17, 2020 /PRNewswire/ — Although unaware of any actual or attempted misuse, East House is providing notice of a data privacy event impacting the…
Data breach at Monroe County Hospital & Clinics results in notification to 7,500 patients
Tyler J. Davis reports: More than 7,000 patients of a south-central Iowa medical system have been notified that their personal information may have been leaked in a data breach. Monroe County Hospital & Clinics said in a news release Monday that approximately 7,500 people were notified that the breach may have led to unauthorized access…
Wise Health updates its breach notification of last summer
In July 2019, this site noted that Wise Health in Texas had notified HHS about a HIPAA breach impacting 35,899 patients. The report concerned a phishing incident in March, 2019 that was discovered in April, 2019. Last week, Wise Health issued another press release, reproduced below. At first blush, it might sound like a new…
Threat Vector Number 1
Britton White is a cybersecurity & HIPAA Compliance advisor. The following article is reproduced with his kind permission. Email is the bane of our existence and the number one threat vector….. there’s no other way to say it. I’ve rummaged through over 30 hospitals and hundreds of clinics (some multiple times) in my time conducting…
Potential class action lawsuits filed against two more ransomware victims
On Thursday, I reported on a potential class action lawsuit that had been filed against two hospitals in Puerto Rico that suffered a ransomware attack. As I noted in my post, none of the named plaintiffs claimed that they had suffered any concrete injury or harm other than the cost and time involved in monitoring…