Catalin Cimpanu reports: Hackers linked to Iran have targeted 25 senior professionals at various medical research organizations located in the US and Israel as part of a weeks-long phishing campaign, email security firm Proofpoint revealed today. The attacks are part of a long series of attacks that have repeatedly and increasingly targeted medical and pharmaceutical…
Category: Phishing
Overseas Service Corporation notification of a breach
Another report we may not see on HHS’s public breach tool but that involves health information. This reads like it is a notification to employees based on the types of data involved, but it doesn’t actually say who the breach impacted. Overseas Service Corporation (“OSC”) announced today a phishing email incident that involved a small…
CA: St. Agnes Medical Center patient data compromised in email breach at St. Alphonsus
Donald A. Promnitz reports: Saint Agnes Medical Center has experienced a cybersecurity incident that originated with a sister hospital in the Pacific Northwest. According to a media release from Saint Agnes, an employee of Oregon/Idaho-based Saint Alphonsus Health System had their email compromised by an unauthorized user. This individual used the employee’s account to send…
Court Upholds Insurers’ Denial of $6M Crime Claim for Phishing Loss
Andrew G. Simpson reports: Real estate software maker RealPage has been denied a $6 million computer crime insurance coverage claim because the stolen funds were not in its possession but were instead being held by a payment processing firm at the time of a phishing scheme. National Union Fire Insurance Co. (a unit of American…
Volunteers of America Chesapeake & Carolinas Notice of Security Incident
This morning’s reminder that it’s not just HIPAA covered entities or business associates that may be exposing your medical information to a breach. Volunteers of America Chesapeake & Carolinas (“VOACC”) announced today a phishing email incident that involved a small number of email accounts in its computer environment. The phishing email incident resulted in unauthorized access to…
OH: Fisher-Titus Medical Center notified patients; employee email account accessed last year
Brandon Addeo reports: The personal information of patients at Fisher-Titus Medical Center was compromised after an unknown person gained access to an employee’s email account. According to a notice from the Norwalk hospital, someone accessed an employee’s email between August 2020 and October 2020. That email account contained personal information including people’s full names, Social…