The Centers for Medicare & Medicaid Services (CMS) has been busy issuing notices about breaches this week. First, it warned providers about a fraud scheme involving medical records requests. Now it is notifying Medicare beneficiaries whose information was involved in a data breach where threat actors were able to create online accounts using beneficiaries’ information…
Category: U.S.
Esse Health provides update about April cyberattack and notifies 263,601 people
Esse Health has notified the Maine Attorney General’s Office that 263,601 people were affected by an incident they first disclosed in early May. Esse has 45 locations in and around the St. Louis metropolitan area. According to their notices and update of June 20, 2025, Esse first became aware of unusual activity on its system…
Horizon Healthcare RCM discloses ransomware attack in December
Attacks on revenue cycle management (RCM) firms and debt collection firms often provide criminals with a wealth of personal and protected health information because successfully compromising one billing vendor may give access to the sensitive data of numerous covered entities or clients. Horizon Healthcare RCM (“Horizon”) in Indiana is the latest RCM to disclose that…
Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
Leela Stockley reports that a data security incident at a Northern Light Health vendor may have compromised some patients’ information. The vendor, Compumedics, provides sleep disorder diagnostic services for health system patients seen at Northern Light Eastern Maine Medical Center, Northern Light AR Gould, and Northern Light Sebasticook Valley Hospital. No report has appeared yet…
Potential Cyberattack Scrambles Columbia University Computer Systems
Sharon Otterman reports: A potential cyberattack continued for a second day to cause widespread computer system outages at Columbia University on Wednesday as the school’s engineers worked to investigate the problem and restore service. The attack, which began in the early morning hours on Tuesday, initially shut down all systems on the school’s Morningside campus…
From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
More great reporting and analysis by Therese Defino of the Health Care Compliance Association (HCCA): A single incident that may have started as a personal vendetta or an extortion threat seven years ago has cost a Florida health care system $800,000, and comes on the heels of an unrelated breach suffered by a different hospital…