A systems error involving the Arizona Health Care Cost Containment System (AHCCCS) resulted in 2,632 Health-e-Arizona Plus household accounts having their data accidentally exposed to others accessing the website. The breach was discovered on May 11, but had occurred earlier in the year. Name, addresses, and the last four digits of social security numbers were exposed…
Category: U.S.
San Bernardino Sheriff’s Department update: can’t rule out that PII and PHI were accessed in ransomware attack
The Fontana Herald News alerts us to an update by the San Bernardino County Sheriff’s Department concerning the ransomware attack they experienced in early April. The county now states that they have been unable to determine definitively if personally identifiable information (PII) and protected health information (PHI) were accessed. From the county’s June 23 notice:…
Mount Desert Island Hospital notifies 24,180 patients of April network attack
On June 30, Mount Desert Island Hospital in Maine reported a breach to HHS that affected 24,180 patients. The hospital had previously disclosed the incident on June 5, when they posted a notice on their website that said that they had detected unusual activity on their network on May 4. An investigation determined that there…
Breach Victims Have Standing When Data Misused, 1st Circuit Says
Christopher Brown reports: A data-breach victim whose personal information was subject to actual misuse has standing to sue the entity that suffered the breach, a federal appeals court said. Plaintiff Alexsis Webb plausibly alleged an injury-in-fact sufficient to confer standing to sue Injured Workers Pharmacy Inc. based on her allegation that information stolen from the…
Paying the ransom: Hospitals face hard choices in cyberattacks | Special Report
Ron Southwick has a thoughtful piece on the complexities of deciding whether or not to pay ransom if a healthcare entity is the victim of a cyberattack. As experts comment, while most experts and law enforcement prefer victims not pay ransom, sometimes entities decide they need to do it. But what are they paying it…
At least 100,000 could have had data exposed after US health department was hit by global MOVEit cyberattack
Sean Lyngaas reports: At least 100,000 people could have had their data compromised by a hack of contractors at the Department of Health and Human Services, a department official said Thursday, making it the latest US government agency to be caught up in a sweeping cyberattack connected to Russian cybercriminals. HHS notified Congress of the breach on…