Doctors Community Medical Center in Maryland is notifying an unreported number of patients whose protected health information was potentially compromised by a phishing incident. In January, the center noticed unusual network activity in its payroll system. Their investigation revealed that a number of employees had fallen for a phishing attack and that the attacker(s) had…
Category: Phishing
Less than two weeks after an Indiana hospital reported a phishing-related HIPAA breach, they had a second one
I was working today on adding details to spreadsheets that I use in calculating the gap between breach and discovery, and between discovery and notification. One of the incidents I was looking into today involved a report from Lafayette Regional Rehabilitation Hospital in Indiana. On November 25, they learned that in July, 2019 someone had…
IE: Data of 9,735 teachers shared after ‘phishing’ email breach
Katherine Donnelly reports: A data breach at the Teaching Council has led to personal information relating to 9,735 teachers being shared. The council, which holds personal data on 104,000 serving and retired teachers, has alerted those affected and said it was “not likely to result in any real risk to you in circumstances where limited…
University of Utah Health notifies patients of phishing attacks that began in January
The University of Utah Health is notifying patients whose protected health information was in some employees’ email accounts after they fell for a phishing attack. The following is a notice posted on their website March 20th: We are committed to protecting the confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving…
Oregon DHS notifies public of data breach
KTVZ reports: The Oregon Department of Human Services announced Friday that it uncovered a “phishing” incident on March 6 that affected one staff member’s e-mail. […] The security and confidentiality of private health information is critical to the Department of Human Services. While the department cannot confirm that any clients’ personal information was acquired from…
Tandem Diabetes Care notifies customers of phishing incident
Update: This incident was reported to HHS on March 17 as impacting 140,781 patients. Their press release: Tandem Diabetes Care, Inc. (“Tandem”) is committed to protecting the confidentiality and security of our customers’ information. Regrettably, this notice is to inform our customers of a recent phishing incident that may have involved some customer information. What…