The following is part of the notice Village Senior Services Corporation d/b/a VillageCareMAX posted on their website. Note that the attacker was apparently requesting names and Medicaid ID numbers, which makes me wonder what the plan for misuse was — insurance fraud, perhaps? VillageCareMAX (“VCMAX”) is providing notice of an incident that may affect the…
Category: Health Data
LabCorp website bug exposed thousands of medical documents
Zack Whittaker reports: A security flaw in LabCorp’s website exposed thousands of medical documents, like test results containing sensitive health data. …. This latest security lapse was caused by a vulnerability on a part of LabCorp’s website, understood to host the company’s internal customer relationship management system. Although the system appeared to be protected with a…
SC: Tidelands Health named in class action lawsuit after December ransomware attack
Andrew James reports on a ransomware attack on a South Carolina system that has yet to show up on HHS’s public breach tool: The impacts of the December 12 cyberattack on the Tidelands Health Hospital System are unclear, but what is clear is that patients feel they were victimized as a result of negligence. A…
Beaumont investigating security breach of 1,200 patient files
Sarah Rahal reports: Beaumont Health officials are investigating a security breach by a former employee who accessed patient information, hospital officials said Saturday. Beaumont notified 1,182 individuals about the incident on Friday saying a now-former employee had unauthorized access of patient information. The employee, who was terminated, is suspected of disclosing information to an individual working…
PIH Health notifies almost 200,000 patients whose protected health information was sitting in employee email accounts that were compromised
Posted by PIH Health on their website on January 10, 2020: Notification of Data Security Incident January 10, 2020 – PIH Health has become aware of a data security incident that may have impacted personal information and protected health information belonging to certain current and former patients. On January 10, 2020, PIH Health notified potentially…
If states would only require — and then engage in — more transparency on breaches
Years ago, I had hoped more states would require breach notifications to central offices and that states would then share those reports with the public, much as New Hampshire had done. But things haven’t really become more transparent. Maryland and California remain positive examples of transparency, but New Hampshire’s site, while still available, has lost…