The following is not a new incident. It is just a newly disclosed incident because of a law enforcement-requested delay in disclosure. North Shore University Hospital (NSUH) issued a notice on February 1, 2022 concerning insider-wrongdoing. The notice begins: NSUH learned that a former employee who worked at a medical office may have improperly accessed…
Category: U.S.
MT: Logan Health Medical Center notifying 213,554 about data breach
Logan Health Medical Center in Montana is notifying 213, 543 patients, employees, and business associates after discovering that files with personal and protected health information were accessed without authorization. According to a notification submitted to the Maine Attorney General’s Office, Logan first detected suspicious network behavior on November 22, 2021. On January 5, their investigation…
Boston law firm Taylor, Ganson & Perrin notifies clients of data breach
One month after first detecting a problem, Boston law firm Taylor, Ganson & Perrin LLP is providing notice of a data security breach. Like many law firms who have experienced breaches, clients’ medical information and what might be protected health information may have been accessed or acquired by the unnamed threat actor(s), but whether it…
Report: Missouri Governor’s Office Responsible for Teacher Data Leak
Brian Krebs reports on a follow-up to the case of Missouri’s Governor Parsons tried to sue a journalist and others who had responsibly disclosed and reported on a data leak by the state. The data leak first came to public attention in October, 2021 when Josh Renaud reported on the exposure and the steps the…
Michigan Medicine notifies 269 patients after discovering a snooping employee
Here’s a good example of how monitoring and logs can detect a problem and prevent even more problems. Michigan Medicine detected an employee accessing patient records without legitimate need. The improper access began in December, 2021, and continued until it was caught by monitoring on January 25, 2022. Access was cut off on January 27…
Allen ISD cybersecurity update: personal information of more than 500 employees hacked in September 2021
Jay Wallis provides an update on the Allen ISD ransomware incident first reported by the district in September. Part of the district’s newly revealed findings: According to the investigation, there is no evidence that any unauthorized user got into Allen ISD’s databases, including the Student Information and Financial databases. District officials said they determined that…