Evan Sweeney reports: Already fending off a class-action lawsuit, Banner Health is also the subject of an ongoing federal investigation into a June 2016 cyberattack that exposed patient data. The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) launched an investigation in the aftermath of the attack that exposed data for 3.7…
Category: Health Data
Former nursing home employee admits stealing residents’ credit card numbers
Sam Clancy reports: A 29-year-old woman who worked for a St. Louis County nursing home pleaded guilty to stealing credit card numbers from the home’s residents. Shaniece Borney pleaded guilty to a credit card fraud scheme while she worked at NHC Health Care in 2016 and 2017, a press release from the Department of Justice…
NY: Finger Lakes Health dealing with ransomware attack (Corrected)
WHEC reports that Finger Lakes Health is functioning the old-fashioned way while its computer system remains locked up by an unspecified type of ransomware: The agency said that an outside party is demanding payment to let it access its files. The agency was notified of the breach around midnight Sunday. Officials at Finger Lakes Health say…
IA: Primary Health Care notifies patients after discovering hack of employee email accounts
From their press release, issued yesterday: Primary Health Care Inc. (“PHC”) is providing notice of an incident that occurred at PHC and may affect the security of protected health information of certain PHC patients. While PHC is unaware of any actual or attempted misuse of the information, this notice contains details about the incident and…
DocuTrac medical software is a breach risk, warns Rapid7
Warwick Ashford reports on what seems to me to be yet another case of hard-coded credentials creating a critical vulnerability in protecting patient data, and I, of course, have questions. Ashford reports: The QuicDoc & Office Therapy suite of software produced by DocuTrac contains security vulnerabilities that could allow attackers to gain control of patient…
ATI Physical Therapy notifies patients of data breach
ATI Physical Therapy is notifying patients of a security incident that appears to have targeted employees’ email accounts. Here is their update of March 12, although I’m not sure when any previous notification may have been published (their newsroom does not show any prior notice on their site): About the data privacy event ATI Holdings,…