Here’s yet another ransomware incident in which investigators couldn’t really determine whether ePHI were actually accessed, so the entity notified HHS and is notifying patients. In this case, we are dealing with what could be treatment information for more stigmatizing conditions such as alcoholism or addiction. According to their report to HHS, 25,148 patients are…
Category: Of Note
American Medical Collection Agency breach impacted 200,000 patients – Gemini Advisory
A data breach involving a medical collection agency affected more than 200,000 patients who had used the firm’s online payment portal between September, 2018 and the beginning of March, 2019. At the end of February, Gemini Advisory analysts identified a Card Not Present (CNP) database that had been posted for sale in a dark web…
Member of Sophisticated China-Based Hacking Group Indicted for Series of Computer Intrusions, Including 2015 Data Breach of Health Insurer Anthem Inc. Affecting Over 78 Million People
More than four years from hack to indictment. How many more until they actually have the alleged hackers in custody? From the U.S. Department of Justice, this press release today: A federal grand jury returned an indictment unsealed today in Indianapolis, Indiana, charging a Chinese national as part of an extremely sophisticated hacking group operating…
Database With Millions of Indian Personal Records Exposed and Hijacked
Bob Diachenko writes: On May 1st, I have discovered an unprotected and publicly indexed MongoDB database which contained 275,265,298 records with personal identifiable information (PII) on Indian citizens, including the following fields: Name Email Gender Education level and area of speciazliation Professional skills / functional area Mobile phone number Employment history and current employer Date of…
Spectrum Health Lakeland notifies patients after billing vendor breach
I’m not finding anything on their web site just yet, but Spectrum Health Lakeland has reportedly been notifying patients about a breach involving their billing provider, OS Inc. WSJM reports that the health system learned of the breach on March 8 after an OS employee’s email account containing patient information was accessed without authorization. The information…
2019 Verizon Data Breach Investigations Report (DBIR) is Out
This year, Verizon’s DBIR is based on data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide. You can read the Executive Summary here, or read the full report here. There are some data in it that may raise an eyebrow or…