From their press release: National Mentor Healthcare, LLC (d/b/a Georgia MENTOR) is notifying individuals of a data security event that could potentially impact the security of certain personal information. Although we are unaware of any actual or attempted misuse of the information, we are providing potentially impacted individuals with information about the event, steps taken…
Category: Health Data
OCR investigating Banner Health’s 2016 data breach
Evan Sweeney reports: Already fending off a class-action lawsuit, Banner Health is also the subject of an ongoing federal investigation into a June 2016 cyberattack that exposed patient data. The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) launched an investigation in the aftermath of the attack that exposed data for 3.7…
Former nursing home employee admits stealing residents’ credit card numbers
Sam Clancy reports: A 29-year-old woman who worked for a St. Louis County nursing home pleaded guilty to stealing credit card numbers from the home’s residents. Shaniece Borney pleaded guilty to a credit card fraud scheme while she worked at NHC Health Care in 2016 and 2017, a press release from the Department of Justice…
NY: Finger Lakes Health dealing with ransomware attack (Corrected)
WHEC reports that Finger Lakes Health is functioning the old-fashioned way while its computer system remains locked up by an unspecified type of ransomware: The agency said that an outside party is demanding payment to let it access its files. The agency was notified of the breach around midnight Sunday. Officials at Finger Lakes Health say…
IA: Primary Health Care notifies patients after discovering hack of employee email accounts
From their press release, issued yesterday: Primary Health Care Inc. (“PHC”) is providing notice of an incident that occurred at PHC and may affect the security of protected health information of certain PHC patients. While PHC is unaware of any actual or attempted misuse of the information, this notice contains details about the incident and…
DocuTrac medical software is a breach risk, warns Rapid7
Warwick Ashford reports on what seems to me to be yet another case of hard-coded credentials creating a critical vulnerability in protecting patient data, and I, of course, have questions. Ashford reports: The QuicDoc & Office Therapy suite of software produced by DocuTrac contains security vulnerabilities that could allow attackers to gain control of patient…