In doing some of my weekly investigating, I discovered that OCR seems to have closed its investigation into the Bizmatics, Inc. breach that affected an untold number of PrognoCIS customers and their patients. At last count, I think we knew about almost 300,000 patients that were notified of an incident where Bizmatics could not even…
Category: Subcontractor
Millennium Hotels & Resorts North America Informed of Potential Data Security Incident
The Secret Service alerts you, a vendor notifies you… do we really think this is just a “potential” data security incident? Their press release: Millennium Hotels & Resorts North America (MHR) has become aware of a data security incident involving food and beverage point of sale systems at 14 of its hotels in the United…
Four states’ fishing and hunting licensing sites hacked (update3)
The databases of four state wildlife sporting licensing sites have been hacked, according to an individual who claims to be the hacker. On Monday, an individual calling him/herself “Mr. High” posted the following on an AlphaBay forum: I just hacked four websites and reported the security holes. Two of these were government websites. All of these…
Newkirk Products, Inc. Provides Update to Notice of Data Breach
From Newkirk, notice that another health insurer was also affected by the previously reported breach: Newkirk Products, Inc. (“Newkirk”), a service provider that issues healthcare ID cards for health insurance plans, today provided an update on its previously announced cyber security incident. Symphonix Health Insurance, a client of DST Health Solutions, Inc., is also identified…
Athens Orthopedic Clinic incident response leaves patients in the dark and out of pocket for protection
On June 26, after learning that databases with patients’ protected health information had been put up for sale on the dark web, DataBreaches.net began investigating and trying to alert the victim entities so that they could take immediate steps to try to mitigate harm to patients. By that evening, I had sent an email to Athens Orthopedic…
Quest Records LLC breach linked to TheDarkOverlord hacks; more entities investigate if they’ve been hacked
At the end of June, DeepDotWeb broke the story that hackers calling themselves TheDarkOverlord (TDO) had put three databases with patient information up for sale on the dark net. Although the owners of the databases were not listed, DataBreaches.net was able to identify two of the three entities as the Athens Orthopedic Clinic (AOC) in Atlanta and Midwest Orthopedic Pain and Spine (MOPS) in Farmington, Missouri. Both entities…