On June 26, after learning that databases with patients’ protected health information had been put up for sale on the dark web, DataBreaches.net began investigating and trying to alert the victim entities so that they could take immediate steps to try to mitigate harm to patients. By that evening, I had sent an email to Athens Orthopedic…
Category: Of Note
Quest Records LLC breach linked to TheDarkOverlord hacks; more entities investigate if they’ve been hacked
At the end of June, DeepDotWeb broke the story that hackers calling themselves TheDarkOverlord (TDO) had put three databases with patient information up for sale on the dark net. Although the owners of the databases were not listed, DataBreaches.net was able to identify two of the three entities as the Athens Orthopedic Clinic (AOC) in Atlanta and Midwest Orthopedic Pain and Spine (MOPS) in Farmington, Missouri. Both entities…
Why We Should Score Data Breaches
Dan Munro had an interesting conversation with Jeff Williams of Contrast Security at BlackHat, which led to a draft scoring system for data breaches and corporate responses: Tone – Is the announcement apologetic and not blaming? Does it acknowledge that there should have been better defenses and that the breach should have been detected and been…
UK: Sage suffers data breach that may impact employees of as many as 300 companies
Lauren Fedor reports: Personal details and bank account information for employees of as many as 300 UK companies may have been compromised as part of a data breach at Sage, the UK software group. […] On Friday, the Newcastle-based group notified around 200 of its current UK business customers that their information — including employee bank…
Valley Anesthesiology and Pain Consultants Notifying 882,590 Patients PLUS all Employees and Providers of Security Incident
If you can’t prove there was no access, the presumption is that it’s a reportable breach. Today, Valley Anesthesiology and Pain Consultants (VAPC) announced that it is addressing a security incident involving certain patient, provider and employee information. VAPC is providing notice to approximately 882,590 patients, and all current and former employees and providers, who…
Bon Secours notifies 655,000 patients that vendor error exposed patient info on Internet
Bon Secours Health System, Inc. (“Bon Secours”) and its affiliates are committed to maintaining the privacy and security of our patient information. This notice is to inform our patients of an incident involving one of our vendor’s handling of some patients’ information. On June 14, 2016, Bon Secours discovered that files containing patient information inadvertently…