On August 12, Onyx Technology of Maryland began notifying regulators and others about a ransomware attack they experienced. According to their notification to the Montana Attorney General’s Office on behalf of Independent Care Health Plan (iCare), they discovered the attack on June 28. Their investigation subsequently found that “a server may have been removed or…
Category: Subcontractor
Humana, Cotiviti settle class action affecting 65,000 members
There’s an update to a breach reported on DataBreaches that involved both a business associate (Cotiviti) and insider wrong-doing by an employee of a subcontractor of the business associate (Visionary). Humana and Cotiviti agreed to a class action settlement to resolve claims they jeopardized consumer data in a 2020 data breach. The settlement benefits consumers…
NY: Practice Resources, LLC notifies 942,138 patients after ransomware attack
On August 4, Practice Resources, LLC notified the California Attorney General’s Office that it had been the victim of a ransomware attack on April 12. They also notified HHS that 942,138 patients were affected by the breach (see below). The New York firm is a business associate that provides a variety of health management services,…
Lee County Emergency Medical Services notifies past customers of third-party security breach
Cape Coral Breeze reports: Lee County Emergency Medical Services reports that on Aug. 4 staff received notification of a customer data breach related to a previous third-party vendor responsible for ambulance billing services. Lee County EMS conducted business with a company called Intermedix Corporation for nearly 15 years, ending its vendor contract in September 2014….
When 2+2 = OMG: Two hospitals, two breaches each, both discovered in same month.
Conifer Revenue Cycle Solutions provided notice on Friday concerning a breach on January 20, 2022, when an unauthorized individual accessed a Microsoft Office 365-hosted business email account. Conifer discovered the breach on April 14, 2022. The email account is separate from Conifer’s internal network and systems, which were not impacted. But the compromise enabled the…
Warner Norcross & Judd notified 120,000 Priority Health Plan members of 2021 breach
On July 11, the law firm of Warner Norcross & Judd reported a data breach to the California Attorney General’s Office and other states. This past week, they issued a press release concerning the same incident and also issued a second press release on behalf of Priority Health, a health insurer in Michigan. From the…