Eliza Gkritsi follows up on something previously reported on this site based on research by WizCase that they had shared with this site. WizCase subsequently updated their own post, here. Two security flaws at Chinese medical device operators put over 24 million patient records at risk in October. These medical data leaks reveal how cybersecurity practices…
Category: Health Data
Mercy Health Lorain Hospital Laboratory patients notified of HIPAA breach due to contractor invoice printing error
Although no actual or attempted access or misuse of patient or guarantor information has been discovered, RCM Enterprise Services, Inc. (“RCM”) is providing notice to certain individuals regarding an error in the invoice mailing process that caused individually identifiable information to appear in the clear address “window” on medical invoices. RCM provides patient billing services…
Hackers access Sask. eHealth system, demand ransom
Wayne Mantyka reports: Hackers made it through the first level of security for Saskatchewan’s eHealth records system this weekend, locking the government out of some systems. Jim Hornell with eHealth Saskatchewan told CTV News the hackers are demanding the government pay an unspecified ransom to get the system back under its control. Read more on…
What OPSEC? Member of “thedarkoverlord” allegedly used his personal details to set up hacking and extortion-related accounts.
In what seems like a mind-boggling OPSEC #FAIL, a U.K. man associated with thedarkoverlord allegedly used his real details to create bank accounts as well as to open email accounts, phone numbers, VPN, Twitter, and PayPal accounts that thedarkoverlord used as part of its operations to hack and extort victims. For a group that signed…
West Georgia Ambulance Company Pays $65,000 to Settle Allegations of Longstanding HIPAA Noncompliance
Are you surprised to see a settlement with HHS arising from an investigation that began when an entity reported a stolen laptop in 2013? Keep reading this notice from HHS to find an explanation: West Georgia Ambulance, Inc. (West Georgia), has agreed to pay $65,000 to the Office for Civil Rights (OCR) at the U.S….
As 2019 draws to a close, some entities are taking a harder look at storing PHI in employee email accounts
Okay, so two exemplars don’t prove any kind of trend, but I’m glad to see some entities now taking steps to reduce how much PHI is stored in employee email accounts. Here are two recent incidents, both reported to HHS in December: Healthcare Administrative Partners (HAP) is a Pennsylvania-based business associate under HIPAA. On December…