May 31 – Today, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) published an update to the frequently asked questions (FAQs) webpage concerning the Change Healthcare cybersecurity incident. The webpage, first published on April 19, 2024, provides answers to FAQs concerning the Health Insurance Portability and Accountability Act of 1996 (HIPAA)…
Category: HIPAA
United Urology Group appears to be a victim of a ransomware attack; some patient data already leaked
United Urology Group describes itself as a national network of urology specialists with corporate headquarters in Maryland. Their network includes Arizona Urology Specialists Phoenix, Arizona Urology Specialists Tucson, Chesapeake Urology, Colorado Urology, and Tennessee Urology. On May 23, RansomHouse threat actors claimed to have encrypted their system on May 4 and exfiltrated about 300 GB…
100 Groups Urge Feds to Put UHG on Hook for Breach Notices
Marianne Kolbasuk McGee reports: More than 100 medical associations and industry groups representing tens of thousands of U.S. doctors and healthcare professionals have banded together to urge federal regulators to hold Change Healthcare responsible for breach notifications related to a massive February ransomware attack. The groups in a letter Monday asked the U.S. Department of Health and…
Tx: CentroMed discloses a second data breach within one year (UPDATE 1)
In August 2023, El Centro Del Barrio (“CentroMed”) reported a breach that affected 350,000 patients. The incident, which had been claimed by Karakurt threat actors in June, involved patients’ names, addresses, dates of birth, Social Security numbers, financial account information, health insurance plan member IDs and claims data. A check of Karakurt’s leak site today…
Guthrie Lourdes Hospital still struggling with effects of Ascension cyberattack
Phoebe Taylor-Vuolo, Report for America corps member, reports: Guthrie Lourdes Hospital in Binghamton continues to feel the impact of a recent cyberattack on Ascension, its former parent organization. Ascension said it was hit with a ransomware attack on May 8. Lourdes was officially acquired by the Guthrie health system in February, but officials say that transition is…
Fred Hutch notifies more patients of November 2023 attack (1)
In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 to ask whether the attackers had encrypted their files and whether they had negotiated with the threat actors. They did not reply….