January 5, 2024 NEW YORK – New York Attorney General Letitia James today announced an agreement with a Hudson Valley-area health care provider, Refuah Health Center, Inc. (Refuah), for failing to safeguard the personal and private health information of its patients. The Office of the Attorney General (OAG) found that Refuah failed to maintain appropriate controls to protect and limit access to sensitive data, including by failing to encrypt patient information and using multi-factor authentication. As…
Category: Health Data
23andMe Says Breach Victims Are to Blame, Legal Action is Futile
As incident response and public relations go, blaming victims for your breach is generally not an impressive strategy. Michael Edgar reports that 23andMe seems to be doing exactly that: Months after the San Francisco based company experienced a data breach impacting about 6.9 million users, 23andMe is now facing criticism for blaming victims of the breach and…
The State of Ransomware in the U.S.: Report and Statistics 2023
Data analyses and commentary by Emsisoft begins: “From 2016 to 2021, we estimate that ransomware attacks killed between 42 and 67 Medicare patients.” — McGlave, Neprash, and Nikpay; University of Minnesota School of Public Health1 In 2023, the U.S. was once again battered by a barrage of financially-motivated ransomware attacks that denied Americans access to…
Parathon by JDA e-Health: what we still don’t know about their July ransomware incident
On August 1, DataBreaches noticed that Parathon by JDA e-Health had been listed on the Akira ransomware leak site. Neither Akira nor Parathon responded to DataBreaches’ inquiries at the time, as DataBreaches reported on August 6. On October 30, Parathon issued a notice of security incident. The notice stated, in part: On July 27, 2023,…
Theft of Vancouver rape crisis centre server containing sensitive data raises privacy concerns
Yasmine Ghania and Moira Wyton report: Cybersecurity experts are warning of “significant” data privacy risks after a Vancouver rape crisis centre told clients and donors a computer server containing their sensitive personal information and banking details was stolen from its office last month. The Dec. 3 break-in at Salal Sexual Violence Support Centre’s new downtown office is…
Anna Jaques Hospital’s computer system compromised by cyberattack
Dave Rogers reports: Days after what was called a cyberattack shut down Anna Jaques Hospital’s health record system on Christmas, hospital administrators are saying little about what caused the massive failure or whether the problem has been remedied. “Upon discovery, we immediately secured our environment and engaged cybersecurity professionals to assist in the investigation. While…