The Maze Team attackers continue to announce more of their ransomware victims that have not complied with their ransom demands, and they continue to dump data from those who do not pay them. When I checked their site again today, I noticed that they had announced that they have dumped all their files on the…
Category: Health Data
VillageCareMAX & VillageCare Rehabilitative & Nursing Center Notices of Data Privacy Incident After Business Email Compromise
The following is part of the notice Village Senior Services Corporation d/b/a VillageCareMAX posted on their website. Note that the attacker was apparently requesting names and Medicaid ID numbers, which makes me wonder what the plan for misuse was — insurance fraud, perhaps? VillageCareMAX (“VCMAX”) is providing notice of an incident that may affect the…
LabCorp website bug exposed thousands of medical documents
Zack Whittaker reports: A security flaw in LabCorp’s website exposed thousands of medical documents, like test results containing sensitive health data. …. This latest security lapse was caused by a vulnerability on a part of LabCorp’s website, understood to host the company’s internal customer relationship management system. Although the system appeared to be protected with a…
SC: Tidelands Health named in class action lawsuit after December ransomware attack
Andrew James reports on a ransomware attack on a South Carolina system that has yet to show up on HHS’s public breach tool: The impacts of the December 12 cyberattack on the Tidelands Health Hospital System are unclear, but what is clear is that patients feel they were victimized as a result of negligence. A…
Beaumont investigating security breach of 1,200 patient files
Sarah Rahal reports: Beaumont Health officials are investigating a security breach by a former employee who accessed patient information, hospital officials said Saturday. Beaumont notified 1,182 individuals about the incident on Friday saying a now-former employee had unauthorized access of patient information. The employee, who was terminated, is suspected of disclosing information to an individual working…
PIH Health notifies almost 200,000 patients whose protected health information was sitting in employee email accounts that were compromised
Posted by PIH Health on their website on January 10, 2020: Notification of Data Security Incident January 10, 2020 – PIH Health has become aware of a data security incident that may have impacted personal information and protected health information belonging to certain current and former patients. On January 10, 2020, PIH Health notified potentially…