DataBreaches would have passed over a listing on LockBit3.0’s site if Brett Callow hadn’t kindly called our attention to it. The listing by the threat actors was for HSKS Greenhalgh Chartered Accountants and Business Advisors, and LockBit claimed to have exfiltrated 168 GB of files with: Employees (NIN numbers, passport scans, ID scans, Employee forms…
Category: Health Data
UK: Former NHS secretary found guilty of illegally accessing medical records
A reminder of the insider threat: A former NHS employee has been found guilty and fined for illegally accessing the medical records of over 150 people. Loretta Alborghetti, from Redditch, worked as a medical secretary within the Ophthalmology department at Worcestershire Acute Hospitals NHS Trust when she illegally accessed the records. In June 2019, a…
Does claiming you were hacked when you had really just screwed up violate the FTC Act?
On November 12, DataBreaches published an OpEd, If entities continue to obfuscate and lie, it’s time to mandate more transparency in breach disclosures. Today, we post another example of why we need to legislate and enforce data breach notification laws that prohibit deceptive statements and mandate more disclosure when data has been leaked. This week,…
CEOs of Ontario hospitals hit by ransomware attack provide updates on impact and look for no ransom payment legislation
Jennifer LaGrassa reports: For the first time, top leadership from the five southwestern Ontario hospitals hit by a ransomware attack answered questions from the media — acknowledging the significant impact the incident has had on care, as well as the large amount of stolen data. During the roughly 50-minute meeting on Friday, each hospital CEO said their…
Was Yakima Valley Radiology the victim of a cyberattack? They’re not answering that.
On September 24, Karakurt threat actors added Yakima Valley Radiology PC to their leak site. Their listing claimed that they acquired 9.31 GB of files including “financial reports, client lists with contacts, list of patients for 15 years (212579 rows), a database of social security numbers (including staff, doctors) with 766000 rows.” Karakurt did not…
Australian Privacy Regulator Sues in MedLab Pathology Data Breach Case
Hunton Andrews Kurth writes: Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty (i.e., a fine) in connection with the company’s response to a data breach that occurred in February…