From the Washington Attorney General’s Office yesterday, a press release on an expansion of the breach notification requirements. Of special note, under the new law, a hacker acquiring a name in combination with a student ID would trigger notification obligations, but only if the information was not secured or made unusable (e.g., by encryption) AND …
Category: U.S.
NJ: Ronald Snyder, M.D., Notifies patients after ransomware incident
From a press release by pediatric orthopedic surgeon Ronald Snyder, M.D.: April 18, 2019 /PRNewswire/ — On April 18, 2019 Ronald Snyder, M.D., (“Dr. Snyder”), announced a recent event that may have impacted the privacy of personal information relating to certain individuals. While Dr. Snyder is unaware of any attempted or actual misuse of personal information…
PA: Millions of rehab records exposed on Steps to Recovery’s unsecured database
Laura Hautala reports: It’s some of the most sensitive medical information a person could have. Records for potentially thousands of patients seeking treatment at several addiction rehabilitation centers were exposed in an unsecured online database, an independent researcher revealed Friday [link corrected by DataBreaches.net]. The records included patients’ names, as well as details of the…
ME: City of Augusta hit by computer virus, City Center closed
Keith Edwards reports: A malicious computer virus that hit the city overnight and froze the city’s computer network forced the closure of Augusta City Center Thursday. The virus, which officials said was intentionally inflicted upon the city’s servers, also shut down computers used by public safety dispatchers — but not the city’s phone system or…
ME: Acadia Hospital mistakenly released confidential information of 300 Suboxone patients
Callie Ferguson reports: A communications official at Northern Light Acadia Hospital in Bangor mistakenly emailed the confidential names of 300 patients with prescriptions for Suboxone, a medication used to treat opioid use disorder, to an editor at the Bangor Daily News last week. In addition to their names, the list also contained the identities of…
Did ransomware claim a victim or did two doctors just make a poor decision?
An article by William Maruca of FoxRothschild is headlined, “Ransomware Claims A Victim.” It discusses the case of Brookside ENT, whose doctors decided to shutter their practice and retire a year early after a ransomware attack that encrypted their patient data, billing information, scheduling information, and even their backups. In other words, the attacker successfully…