Grand Street Medical Associates is a multi-disciplinary practice in Kingston, New York. At some point, what appears to be a vast amount of their patients’ protected health information was left exposed on an unsecured FTP server. The leak was discovered by a security researcher, who notified GSMA and then contacted DataBreaches.net on March 12. According…
Category: Of Note
KY: Ransomware incident at Methodist Hospital in Henderson (update2)
On March 15, Jessica Gavin reported: A cyber security breach, striking Methodist Hospital in Henderson. We’re learning the FBI is investigating this right now, but there’s some good news. [….] David Park, COO of Methodist, tells 14 NEWS the hackers have copied patients records and locked those copies. They’ve deleted the originals. “We’ve notified the FBI,…
Featured Story: Henry Ford Healthcare System: creating a culture of privacy
Over the past decade of reporting on healthcare sector breaches, I can probably count on one hand the number of entities who have impressed me that they really “get” that responding to a privacy breach is not primarily about data or statutory notifications. It’s about addressing any distrust or anxiety patients may feel about you protecting their confidentiality, because…
Security researcher investigating Bangladesh central bank cyber-heist kidnapped? (UPDATED)
Researching and reporting on data breaches has always had some element of risk attached. You can get accused of hacking, or you can get threatened with litigation. In Brian Krebs’s case, you can find yourself swatted. Or in my case, you can get threatened with infection of HIV. But with the exception of swatting, the rest pales…
Improper disclosure of research participants’ protected health information results in $3.9 million HIPAA settlement
There’s a follow-up to a breach I first noted on this blog in 2012 when Feinstein Institute for Medical Research issued a press release about a laptop stolen from a programmer’s car. Now HHS has issued a press release of its own: Improper disclosure of research participants’ protected health information results in $3.9 million HIPAA…
More details emerge on DOJ probe of Tiversa, company involved in FTC v. LabMD
When I’m right, I’m right. The DOJ did raid Tiversa. DataBreaches.net was subsequently able to get additional details from a source. But first start with this report from Reuters’ Joel Schechtman: Federal agents are investigating whether cyber-security firm Tiversa gave the government falsified information about data breaches at companies that declined to purchase its data protection…