Signify Health, LLC is a business associate to entities covered under HIPAA. On October 12, 2020, they discovered that an employee had published his login credentials to a subscription-based job board. The employee, described as a low-level IT Support Specialist, was seeking a coding specialist to help him write a job-related script. He would later…
Category: Subcontractor
310,000 Records Compromised In University Of Colorado Data Breach, Including Social Security Numbers & University Financial Information
Audra Streetman reports: The University of Colorado released new information on Friday about the Accellion data breach that compromised more than 310,000 university records. Officials say the data accessed in the breach includes personally identifiable information, including grades and transcript data, visa and disability status, medical and prescription information and in limited cases, Social Security…
Administrative Advantage notifies patients of Remedy Medical Group after email hack
Remedy Medical Group is a pain management specialty practice in California. Their web site indicates that they are consultants to some professional sports teams in their area. Did a breach involving some of their patients’ data also impact any prominent athletes who might receive extortion demands? At this point, there is no indication of any…
Class action lawsuit filed against Roper St. Francis Healthcare over multiple data breaches
Regular readers may recall that September, 2020 was not a good month for St. Roper Francis, and DataBreaches.net had to explain that the healthcare system was dealing with notifications from two unrelated breaches. One involved 6,000 patients impacted by a hack of an employee’s email account. The other involved more than 90,000 patients impacted by…
Good Luck Explaining to HHS Why Your PHI is in GitHub’s Vault for the Next 1,000 Years
You may see a number of hospitals and covered entities issuing statements this week about a data security incident involving Med-Data (Med-Data, Incorporated). So far, Memorial Hermann, U. of Chicago, Aspirus, and OSF Healthcare have posted notices. Others should be or may be posting soon. Here’s DataBreaches.net’s exclusive report on the incident. Another Day, Another…
University of Maryland, Baltimore responds to Accellion breach
This week, a number of universities were added to CLOP threat actors’ dark web leak site. They appear to be linked to the Accellion breach in December and January. As a reminder, many of Accellion’s clients used a standalone server with Accellion’s software to transfer large files. The attack did not hit Accellion’s clients’ own…