HHS added ten listings to its public leak site today, all of which are part of the Integrated Oncology Network (“ION”). According to its substitute notice, on May 9, ION concluded an investigation of a phishing incident that occurred between December 13 and December 16, 2024. The incident resulted in “unauthorized access to patient information…
Category: U.S.
HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
In October 2023, Deer Oaks Behavioral Health in Texas disclosed a ransomware attack that affected 171,871 patients, which they discovered on September 1, 2023. LockBit3.0 claimed responsibility at the time and leaked data from the incident. Today, HHS OCR announced a settlement with Deer Oaks following an expanded investigation that had been opened after an…
Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
While some of us were considering whether Hunters International was in the process of re-branding as World Leaks or not, World Leaks was busy adding a hospital to its leak site. Kentfield Hospital in California is a critical care hospital that specializes in treating patients with complex medical needs who require an extended period of…
Senator Chides FBI for Weak Advice on Mobile Security
Brian Krebs reports: Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S….
Kelly Benefits updates its 2024 data breach report: impacts 550,000 customers
Bill Toulas reports: Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information. The Maryland-based health and life insurance agency has issued an update on a security incident it suffered last year between December 12-17, when unauthorized actors breached its IT…
CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
The Centers for Medicare & Medicaid Services (CMS) has been busy issuing notices about breaches this week. First, it warned providers about a fraud scheme involving medical records requests. Now it is notifying Medicare beneficiaries whose information was involved in a data breach where threat actors were able to create online accounts using beneficiaries’ information…