BORN (the Better Outcomes Registry & Network) in Canada has disclosed it was affected by the MOVEit breach. From their notice: During the breach, unauthorized copies of files containing personal health information were taken from BORN’s systems. The personal health information that was copied was collected from a large network of mostly Ontario health care…
Category: Health Data
Ransomware group claimed to have hit a New Jersey cardiology group. Did they?
On September 2, the NoEscape ransomware group added Mulkay Cardiology Consultants to their leak site and claimed to have successfully encrypted them. “We have 60GB of confidential and personal data on more than 30,000 patients, scans, doctor’s conclusions about patients and many other confidential information,” they claimed in their listing about the New Jersey medical…
Pain Care Specialists may be feeling the pain of a ransomware attack
It appears that Pain Care Specialists in Oregon became the victim of an attack by AlphV. The threat actors added the medical entity to their leak site earlier today with some files with personal information on employees and patients. AlphV’s listing noted that the breach occurred on September 13, and, “As a result of our…
TissuPath’s data breach notice provides details about how they were attacked and their incident response
Mirage reports: TissuPath, a specialist pathology firm in Australia, has experienced a data breach due to a cyber security incident. The breach involved a third-party supplier attack, accessing pathology referral records kept in a backup storage drive. Read more at Mirage News. TissuPath has posted a security notice on its website that begins with an…
Mount Desert Island Hospital updates its breach disclosure again but still doesn’t reveal what data were leaked
On July 1, DataBreaches reported that Mount Desert Island Hospital (MDIH) in Maine notified HHS on June 30 that 24,180 patients had been affected by a breach between April 28 and May 7. The types of protected health information involved included name, address, date of birth, driver’s license/state identification number, Social Security number, financial account…
OCR Presents: How the Security Rule Can Help Defend Against Cyber-Attacks
The HHS Office for Civil Rights (OCR) will be producing a pre-recorded webinar for HIPAA covered entities and business associates (collectively, “regulated entities”) discussing how the Security Rule can help regulated entities defend against cyber-attacks. The webinar will discuss real world cyber-attack trends from OCR breach reports and investigations and explore how implementation of appropriate…