On March 19, 2024, DataBreaches reported a ransomware attack targeting New York Plastic Surgical Group (a division of Long Island Plastic Surgical Group). According to one of the threat actors involved, the attack occurred on January 7 and involved both RADAR and AlphV (BlackCat) groups working together — AlphV to encrypt files and negotiate the ransom…
Category: HIPAA
HHS Office for Civil Rights Imposes a $240,000 Civil Monetary Penalty Against Providence Medical Institute in HIPAA Ransomware Cybersecurity Investigation
In April 20218, DataBreaches reported a ransomware incident in February 2018 that had affected 81,550 patients of the Center for Orthopaedic Specialists (COS) – Providence Medical Institute (PMI) in California. The entity’s notification at the time indicated that patients’ names, dates of birth, details about medical records, and Social Security numbers had been involved in the…
Alaska Corrections contractor denies ACLU claim of ‘massive’ prisoner health data breach
Sage Smiley reports: The American Civil Liberties Union of Alaska said that it uncovered a “massive” violation of medical privacy laws by a software company used by the Alaska Department of Corrections. But the software company at the center of the complaint claims that’s “false and misleading,” and that there was no breach of data…
Senate bill pushes cyber mandates for medical industry in wake of Change Healthcare debacle
Jonathan Greig reports: Hospitals and other healthcare businesses would be required to adopt minimum cybersecurity standards and face annual audits under new legislation introduced by two prominent senators on Thursday. The Health Infrastructure Security and Accountability Act, announced by Sens. Ron Wyden (D-OR) and Mark Warner (D-VA), would provide $1.3 billion for the Department of…
Silence may not be golden: Visiting Physicians Network still silent one year after alleged data breach?
In September 2023, DataBreaches reported on an alleged ransomware attack involving Visiting Physician’s Network in Texas. The report provided screenshots of data leaked on the Threeam gang’s leak site and noted that Visiting Physician’s Network did not respond to inquiries about the breach. It is now one year later. DataBreaches has found no substitute notice,…
Proposed $65 million Lehigh Valley Health Network data breach settlement may compensate some victims $80,000
In 2023, a ransomware attack against Lehigh Valley Health Network by AlphV (BlackCat) involved the threat actors leaking nude photos of some cancer patients. In reporting on one of the first class action lawsuits launched against LVHN, DataBreaches pointed out how significant this situation and litigation might be, in part, because of the nude photos…