In September 2022, DataBreaches broke the story of how Hive had attacked Tift Regional Medical Center in Georgia between July and August. The attack did not involve encryption of systems but Hive claimed to have exfiltrated about 1 TB of data, including files with protected health information. On October 14, Tift notified HHS of an…
Category: HIPAA
Another hospital hit by ransomware: Columbus Regional Healthcare System in North Carolina hit by Daixin
Columbus Regional Healthcare System (CRHS) is a non-profit organization in North Carolina licensed for 154 beds. The Daixin ransomware group claims that on May 18, they encrypted the hospital’s servers after exfiltrating data and deleting backups. A Ransom Demand and Failed Negotiations A spokesperson for Daixin tells DataBreaches that three days after they encrypted the…
HHS OCR settles charges against Manasa Health Center for disclosing PHI in response to a negative online review
New Jersey psychiatry practice pays $30,000 to settle complaint about impermissible disclosure of protected health information by disclosing this information in online review Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announces a settlement with Manasa Health Center, LLC, a health care provider in New Jersey that provides…
Two ransomware groups claimed to have attacked Albany ENT & Allergy Services and leaked data, but AENT doesn’t mention that at all in their notification?
On April 28, DataBreaches reported that two different ransomware groups claimed to have attacked Albany ENT & Allergy Services, P.C. in Albany, New York. This week, Albany ENT & Allergy Services notified regulators and 224,486 affected employees and patients about a breach. Their notification is stunning, however, for its lack of certain details. In their…
HHS Office for Civil Rights Settles HIPAA Investigation with Arkansas Business Associate MedEvolve Following Unlawful Disclosure of Protected Health Information on an Unsecured Server for $350,000
As background: this case began with someone finding an unsecured FTP server owned by MedEvolve. He reported it to DataBreaches. This site first reported on the leak in 2018. This site also reported when MedEvolve issued a statement months later, and again two years later when HHS got them to notify patients. Today, the U.S….
HHS Cybersecurity Task Force Provides New Resources to Help Address Rising Threat of Cyberattacks in Health and Public Health Sector
On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of the following resources to help address cybersecurity concerns in the Healthcare and Public Health (HPH) Sector: Knowledge on Demand – a new online educational platform that offers free cybersecurity trainings for health and public health organizations to…