On August 17, 2023, SysInformation Healthcare Services, LLC, d/b/a EqualizeRCM (“SysInformation”) notified HHS of a breach. The firm, a business associate that provides revenue and billing cycle management services, reported that 501 patients had been affected. That number is generally interpreted as a placeholder marker when the entity has not yet figured out the real…
Category: U.S.
Mass General Brigham fires two employees after patient data breach
Bryan Lambert reports: Mass General Brigham says some patients may have had personal information exposed after two employees allegedly allowed an unauthorized person access to private records. The hospital says on April 4 it was made aware of an incident where patients’ personal info, including name, address, medical record number, date of birth, email address,…
Infosys McCamish Systems ransomware attack affected more than 6 million people
Infosys McCamish Systems (“IMS”) in Atlanta provides software and services to the life insurance industry. In October 2023, it was the victim of a ransomware attack that affected 6,078,263 people. As they explain in a notification to the Maine Attorney General’s Office, they were providing notification on their own behalf as a data owner and…
Pinnacle Orthopaedics & Sports Medicine Specialists hit by INC Ransom
On April 22, Pinnacle Orthopaedics & Sports Medicine Specialists LLC (“Pinnacle”) discovered that it had been the victim of a cyberattack. By April 29, it had identified less than ten patients who had been affected and promptly sent them notification letters. But that wasn’t the end of their investigation or problems. By June 7, Pinnacle’s…
Pediatric Urology Associates was allegedly locked and hacked. What are they doing about it?
There has been a proliferation of new ransomware or hacking groups in the past six months, and some of them are still flying under the media radar. One of those groups is the dAn0n Hacker Group. On March 26, dAn0n added Pediatric Urology Associates (“PUA”) to their leak site. On April 25, an updated listing…
Judge denies motion to dismiss cybersecurity lawsuit against Clark County schools
Rocio Hernandez reports: A Clark County judge on Thursday denied the Clark County School District (CCSD)’s motion to dismiss a class action lawsuit over a 2023 cybersecurity breach — an unexpected development considering the judge previously said she leaned toward dismissing the case. The lawsuit, filed Oct. 31, said the breach led to the compromise…