One of the fears with medical identity theft is that a patient’s records could be corrupted in ways that could affect their care. In the case described below, the patients’ identity and insurance info wasn’t stolen, but it was misused to support a fraud scheme, and as part of the scheme, patients records were altered…
Category: Of Note
Amen, HIStalk, amen!
One of the more teeth-gnashing aspects of investigating and reporting on breaches is that I later see “mainstream” news outlets reporting on those breaches as though they had no information about them other than what the entity put out in their press release. So-called “news” outlets do not serve their readership well when they become complicit…
OCR Announces Initiative to More Widely Investigate Breaches Affecting Fewer than 500 Individuals
Glad to see this announcement from HHS/OCR: Since the passage of the Health Information Technology for Economic and Clinical Health Act of 2009 and the subsequent implementation of the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule, OCR has prioritized investigation of reported breaches of protected health information (PHI). The root causes of…
Patient info from Missouri clinic hacked by TheDarkOverlord remains online and available. Why?
In a post yesterday, I reported that protected health information and identity information of patients of Athens Orthopedic Clinic that had been leaked online by hackers remained available to anyone who knows where to look for it. Although it’s frustrating and understandably worrying to patients, I give AOC credit that they tried to find the leaks and plug them. I…
Locky Targets Hospitals In Massive Wave Of Ransomware Attacks
Tom Spring reports: A massive Locky ransomware campaign spotted this month targets primarily the healthcare sector and is delivered in phishing campaigns. The payload, researchers at FireEye said, is dropped via .DOCM attachments, which are macro-enabled Office 2007 Word documents. Especially hard hit are hospitals in the United States followed by Japan, Korea and Thailand, according to research…
Athens Orthopedic Clinic patient data still exposed on leak site
DataBreaches.net discovered today that two copies of a paste (data dump) with over 860 AOC patients’ information is still available online if you know where to look for it. I’m providing a redacted screenshot below so patients can get a sense of what these pastes/leaks look like, although I’ve blacked out most of the street addresses, the…