On October 17, the FBI issued a Public Service Announcement, Cybercriminals are Targeting Plastic Surgery Offices and Patients. Five days later, DataBreaches learned that there had been another attack on a plastic surgery practice where patient data had allegedly been stolen and is in danger of being leaked publicly. It would not be surprising if…
Category: Health Data
The digital battlefront amid Israel-Hamas war includes hospitals
i24News reports a surge in anti-Israel cyberattacks, including targeting critical entities such as hospitals: Notably, around 40 to 50 different groups have claimed responsibility for approximately 400 cyber attacks against Israeli targets. The cyber conflict has also drawn in ‘hacktivists’ from countries such as Iran and Russia. Messing notes, that in the past few days…
‘Data security event’ in city’s email system may have exposed health information, Philly officials say
Nick Vadala reports: A potential data breach in the City of Philadelphia’s email system earlier this year may have exposed protected health information for an unspecified number of people. Read more at The Philadelphia Inquirer. It is not clear from what the city has disclosed why it took them almost 5 months from initial discovery…
HIPAA requires employers to sanction employees who violate HIPAA. Did you know that?
From HHS’s October cybersecurity newsletter: Last year, the Department of Health and Human Services’ (HHS) Health Sector Cybersecurity Coordination Center (HC3) released a threat brief on the different types of social engineering1 that hackers use to gain access to healthcare information systems and data.2 The threat brief recommended several protective measures to combat social engineering, one of…
BlackCat threatens to leak data from Morrison Community Hospital (1)
On October 13, AlphV threat actors added Morrison Community Hospital to their dark web leak site. Within hours, it appeared to have been removed. Today, it was re-listed with this commentary by AlphV: HUGE LEAK COMING! SQL + DATA = 5TB Given that we haven’t received a clear response from MCH representatives, we’ve decided to…
Personal Touch Holding settles NY Attorney General’s lawsuit stemming from 2021 ransomware incident: will pay $350k, improve security
From a press release from the NYS Attorney General’s Office today: New York Attorney General Letitia James today secured $350,000 from a Long Island-based home health care company, Personal Touch Holding Corporation (Personal Touch), for failing to protect vulnerable New Yorkers’ personal information and health care data. Personal Touch’s poor data security made it vulnerable to…