One of the more teeth-gnashing aspects of investigating and reporting on breaches is that I later see “mainstream” news outlets reporting on those breaches as though they had no information about them other than what the entity put out in their press release. So-called “news” outlets do not serve their readership well when they become complicit…
Category: Of Note
OCR Announces Initiative to More Widely Investigate Breaches Affecting Fewer than 500 Individuals
Glad to see this announcement from HHS/OCR: Since the passage of the Health Information Technology for Economic and Clinical Health Act of 2009 and the subsequent implementation of the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule, OCR has prioritized investigation of reported breaches of protected health information (PHI). The root causes of…
Patient info from Missouri clinic hacked by TheDarkOverlord remains online and available. Why?
In a post yesterday, I reported that protected health information and identity information of patients of Athens Orthopedic Clinic that had been leaked online by hackers remained available to anyone who knows where to look for it. Although it’s frustrating and understandably worrying to patients, I give AOC credit that they tried to find the leaks and plug them. I…
Locky Targets Hospitals In Massive Wave Of Ransomware Attacks
Tom Spring reports: A massive Locky ransomware campaign spotted this month targets primarily the healthcare sector and is delivered in phishing campaigns. The payload, researchers at FireEye said, is dropped via .DOCM attachments, which are macro-enabled Office 2007 Word documents. Especially hard hit are hospitals in the United States followed by Japan, Korea and Thailand, according to research…
Athens Orthopedic Clinic patient data still exposed on leak site
DataBreaches.net discovered today that two copies of a paste (data dump) with over 860 AOC patients’ information are still available online if you know where to look for them. I’m providing a redacted screenshot below so patients can get a sense of what these pastes/leaks look like, although I’ve blacked out most of the street addresses, the…
Athens Orthopedic Clinic incident response leaves patients in the dark and out of pocket for protection
On June 26, after learning that databases with patients’ protected health information had been put up for sale on the dark web, DataBreaches.net began investigating and trying to alert the victim entities so that they could take immediate steps to try to mitigate harm to patients. By that evening, I had sent an email to Athens Orthopedic…