The Center for Autism and Related Disorders (“CARD”) has locations throughout the U.S. On January 24, it experienced a reportable breach when “as part of a recent update to its patient billing systems, the third-party vendor responsible for generating patient invoices incorrectly made a computer error which resulted in certain caregivers receiving an invoice for…
Category: U.S.
Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements
POSTED DATE: February 09, 2023 AUTHOR: Federal Student Aid ELECTRONIC ANNOUNCEMENT ID: GENERAL-23-09 SUBJECT: Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements On December 9, 2021, the Federal Trade Commission (FTC) issued final regulations (Final Rule) to amend the Standards for Safeguarding Customer Information (Safeguards Rule), an important component of the Gramm-Leach-Bliley Act’s (GLBA) requirements for protecting the…
AmerisourceBergen MWI Animal Health hit by Lorenz; Company investigating
The Lorenz ransomware group has added AmerisourceBergen/MWI Animal Health to their leak site with what teasingly appears to be a lot of data, except there is no key to unlock the leaked files. Those who want the key will have to contact Lorenz and buy the key. Lorenz did provide a file list as a…
MA: DotHouse Health discloses data breach but has yet to send letters to patients
On or about December 10, AlphV (aka BlackCat) added DotHouse Health.org to their leak site, where they attempt to pressure victims into paying any ransom demands. In this case, the threat actors did not post any proof pack, but they claimed to have infiltrated 800 GB of data from the Massachusetts HIPAA-covered healthcare provider. On…
Emailing error causes former Blue Cross Blue Shield customers to receive claims
Joseph Choi reports: Many former customers of Blue Cross Blue Shield (BCBS) health plans woke up on Friday to discover they had been notified of insurance claims despite not being covered by the provider for some time, causing concerns that a security breach could have leaked customer information. Several people on social media on Friday…
Sharp notifies nearly 63,000 patients of data breach involving payment portal
Paul Sisson reports: Sharp HealthCare, San Diego’s largest health provider, announced Monday that it has begun notifying 62,777 of its patients that some of their personal information was compromised during a hacking attack on the computers that run its website, sharp.com. Read more at San Diego Union-Tribune. Sharp’s notice can be found on their website….