Gretchen Hjelmstad reports: The imaging vendor Sanford Health uses for its mobile heart screen trucks, DMS Health Technologies, experienced a data security incident between March 27 and April 24, 2023. According to Sanford Health, patient information was potentially compromised including name, date of birth, date of service, physician name and exam type. Sanford Health is…
Category: Subcontractor
MO: Cyberattack causes multiple court systems to shut down some public safety computer servers
Kelsey Landis reports: A cyberattack caused St. Louis County to shut down some computer systems used to look up court cases, issue charges and process people in custody at the jail, County Executive Sam Page said Tuesday. Police officers, jail officials, the county counselor, municipal court officials and the prosecuting attorney’s office all use the…
An inexcusable gap from breach to notification, or an excusable one?
Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s breach notification law, where for timing of notification, it says: “The disclosure must be made in the most…
Rite Aid, one of many victims in MOVEit breach, sued for negligence
Rite Aid was one of numerous entities affected by the massive MOVEit breach. In July, they disclosed that 24,400 patients’ pharmacy information including medication names and dates of fill, prescriber information and limited insurance information was involved. They were notified by their vendor of the breach on May 31. Now it is reportedly being sued,…
The Blackbaud data breach — SuspectFile’s final chapter
Marco A. De Felice of SuspectFile is my brother by another mother. We don’t speak the same language, and we wouldn’t know each other if we passed on a street, but he has the same genetic disorder that I have: a determination to uncover information that breached entities try to bury or ignore. Since 2020,…
Janssen health database breached in cyber incident
Stefanie Schappert reports: IBM announced Wednesday that an unauthorized party breached the patient healthcare database it manages for the Johnson & Johnson-owned Janssen CarePath platform. Many of the patients are or have been treated for serious diseases, such as cancer. […] IBM says the breach exposed the sensitive information of an undisclosed number of patients,…