Alexander Quon reports: The Nova Scotia Health Authority (NSHA) is in the process of notifying nearly 3,000 people about a potential privacy breach involving personal health information, the organization announced on Monday. The health authority says the breach was detected by its IT team on May 13, 2019, after an employee’s email account was compromised…
Category: Phishing
Aetna first notifying 238 Virginia employees of BenefitMall breach that they’ve known about since December, 2018?
In January, 2019, we learned about a breach at Centerstone Insurance and Financial Services, Inc. d/b/a BenefitMall, a business associate. The breach reportedly affected more than 111,000 insurance members/covered employees of the vendor’s clients. HIPAA Journal covered the incident. Yesterday, Aetna issued a public notice related to the incident. Surprisingly, their notice discloses that by…
Health Quest phishing incident in 2018 results in notification to patients, but why such a long delay?
Today’s Poughkeepsie Journal has a news story about a phishing incident that appears to have been discovered in July, 2018 that affected an unspecified number of Health Quest patients. From the available information, it sounds like Health Quest first discovered email attachments in January, 2019, and then it took them until April 2, 2019 to…
Phisher folk reel in Computacenter security vetting mailbox packed with sensitive staff data
Paul Kunert reports: The third-party mailbox used by Computacenter employees and contractors to deposit data for security clearance applications has been hacked and used in phishing scams. The company, one of Europe’s largest resellers, counts some of the biggest names in financial services among its corporate client base, and sells to a raft of local…
Legal Threats Make Powerful Phishing Lures
Brian Krebs reports: Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent…
Cancer Treatment Centers of America notifies patients after phishing attack on employee email account
Cancer Treatment Centers of America has been sending notification letters to patients whose protected health information was in an employee email account that was compromised by a phishing attack. The employee works at the Southeastern Regional Medical Center. The attack took place on March 10, 2019, and the attacker was potentially able to access the…