From their notice: ANOKA, MINNESOTA – April 11, 2019 – Riverplace Counseling Center has become aware of a potential data security incident that may have resulted in the unauthorized access to personal information, including health information. Although at this time, there is no evidence of any attempted or actual misuse of anyone’s information as a…
Category: Health Data
Update on Meditab breach
On March 19, this blog linked to a TechCrunch report about an improperly secured Meditab fax server that potentially allowed fax images with patient information to be accessed from an analytics portal. The exposure had been found by SpiderSilk, a cybersecurity firm in Dubai, who estimated that 6 million images were potentially accessible. The TechCrunch…
Klaussner Furniture Notified More than 9,000 Employees and Their Dependents of a Data Security Incident Involving Health Plan Data
Another day, another press release…. ASHEBORO, N.C., April 05, 2019 (GLOBE NEWSWIRE) — Klaussner Furniture Industries, Inc. (“Klaussner”) recently became aware that a data security incident that affected its operations could also have affected the personal information of certain current and former employees, as well as some of their dependents. However, after a thorough investigation…
Centrelake Medical Group notifies patients after virus investigation reveals earlier intrusion and suspicious activity
Updated April 25: This incident was reported to HHS as impacting 197,661 patients. Original post: Here’s their press release. The release does not explain how the attacker(s) first gained access to certain servers in January. Was the infection intended to cover up the earlier activity? It’s not clear to me. Nor does the press release…
Five months after disclosing a patient PHI breach involving employee email accounts, Metrocare discloses a second, identical, breach?
On April 5, Metrocare Services in Texas notified HHS that it was notifying 5,290 clients of a breach. A notice on their web site explains: On February 6, 2019, we learned an unauthorized third party gained access into some Metrocare employees’ email accounts beginning on January 2019. We immediately took steps to secure the accounts…
New Malicious Medical DICOM Image Files Cause HIPAA Headache
Sergiu Gatlan reports: Malicious DICOM files can be crafted to contain both CT and MRI scan imaging data and potentially dangerous PE executables, a process which can be used by threat actors to hide malware inside seemingly harmless files. Cylera’s Markel Picado Ortiz achieved this by taking advantage of a DICOM format design flaw which…