Cancer Treatment Centers of America has been sending notification letters to patients whose protected health information was in an employee email account that was compromised by a phishing attack. The employee works at the Southeastern Regional Medical Center. The attack took place on March 10, 2019, and the attacker was potentially able to access the…
Category: Health Data
Medical Insurance Fraud: Doctors’ identity info for sale on dark web marketplace
There have been numerous estimates over the years about how much a patient’s information sells for on dark web marketplaces. But what about a doctor’s information? If you had the necessary documentation on a physician who could bill electronically for their services, how much could you make by sending fraudulent bills to Medicare or insurers?…
Australians’ Medicare details illegally sold on darknet – two years after breach exposed
Paul Karp reports: Australians’ Medicare details are still being illegally offered for sale on the darknet, almost two years after Guardian Australia revealed the serious privacy breach. Screenshots of the Empire Market, provided to Guardian Australia, show the vendor Medicare Machine has rebranded as Medicare Madness, offering Medicare details for $US21. Read more on Guardian…
Seven months after learning of a breach, UCSD still has not notified HIV research participants whose privacy was breached
Brad Racino and Jill Castellano report on what sounds like either willful or negligent handling of highly sensitive information of research participants bu a non-profit participating in some university-funded research. In either event, the university was notified of a breach in October and STILL hasn’t notified the research participants with HIV whose data was available…
Equitas Health notifies 569 members after discovering two employee email accounts had been compromised
Equitas Health, Inc. (“Equitas Health”) learned that it was the victim of a data incident and is notifying individuals whose information may have been affected. On January 8, 2019, Equitas Health became aware of unusual activity within an employee’s email account. Equitas Health conducted an internal investigation which revealed that an unauthorized individual had access…
Oregon Health Authority provides early notification to Oregon State Hospital patients of a phishing incident
I realize that some will fault the entity for making early notification before they have all the facts, but my hat is off to the Oregon Health Authority (OHA). On May 6, they suffered – and quickly stopped – a successful spear-phishing attack that gave the attacker access to one employee’s mail account. That account…