On May 16, DataBreaches.net reported on a breach involving MedEvolve. The breach had been reported to this site by an independent researcher, who had found that some of MedEvolve’s clients’ patient information was exposed on a public FTP server with no login required. The MedEvolve incident was included in the May statistics compiled for Protenus’s…
Category: U.S.
MO: Cass Regional responds to ransomware attack
A special statement from Cass Regional HOSPITAL NEWS | MONDAY, JULY 9, 2018 At approximately 11 a.m. this morning, Cass Regional Medical Center became aware of a ransomware attack on its information technology infrastructure. Affected areas include internal communication systems and access to the organization’s electronic health record (EHR). At this time, there is no…
MSK Group notifying patients of data security incident
MSK Group in Tennessee, and its divisions, OrthoMemphis, Memphis Orthopaedic Group, Tabor Orthopedics, and Crosstown Back & Pain Institute, are notifying patients of a data security incident that they discovered on May 7. In a notification letter dated July 5 and signed by Kimble L. Jenkins, CEO, the orthopedic group offered those affected free services with…
VCU Health System notifies patients of improper access to information
The Progress-Index reports: VCU Health System is notifying about 4,700 individuals that their or their minor child’s electronic health information was inappropriately accessed. There is no indication that the private health information has been or will be used for any malicious purposes. The matter came to light on May 9, when an unusual pattern of…
Security Firm Sued for Failing to Detect Malware That Caused a 2009 Breach
Catalin Cimpanu reports: Two insurance companies are suing a cyber-security firm to recover insurance fees paid to a customer after the security firm failed to detect malware on the client’s network for months, an issue that led to one of the biggest security breaches of the 2000s. Read more on Bleeping Computer about how Lexington Insurance…
Lake Oswego School District warns students about phishing email after employee account hacked
KOIN 6 in Oregon reports: The culprit had no problem drawing attention. At 2:36 p.m., a tweet came out from the Lake Oswego School district Twitter account. In all caps, the tweet signaled a change in the account. Read more on KOIN 6. This may be more than just a hack of the district’s Twitter…