Jackson County Schneck Memorial Hospital (Schneck Medical Center) was a victim of a cyberattack in 2021. Its 2021 and 2022 disclosures about the breach and its lack of timely breach notification resulted in a potential class action lawsuit filed in 2022. Its lack of appropriate and timely disclosures and information patients needed to protect themselves…
Category: U.S.
Rite Aid, one of many victims in MOVEit breach, sued for negligence
Rite Aid was one of numerous entities affected by the massive MOVEit breach. In July, they disclosed that 24,400 patients’ pharmacy information including medication names and dates of fill, prescriber information and limited insurance information was involved. They were notified by their vendor of the breach on May 31. Now it is reportedly being sued,…
Dallas delays release of report that reviews ransomware response
Everton Bailey Jr. reports that if you were hoping to get the promised release of the report on Dallas’s response to the ransomware attack by Royal, you’ll have to wait at least two more weeks. The last council meeting ran late and the council never got to review the report, which needs to happen before…
More than a year later, Lifeline Health Systems notifies 75,000 people of a data breach
Lifeline Health Systems is a HIPAA-covered entity, although not all the data involved in their 2022 breach was protected health information. Some of the data related to employees and family members. But here’s the timeline Lifeline provides in their notification template: On August 6, 2022, we identified unusual network activity. We immediately initiated our incident…
The Government Isn’t Sure How to Get Small Hospitals to Take Cybersecurity Seriously
Eric Geller reports: The U.S. government is struggling to convince hospitals that they need to spend time and money fighting hackers and provide useful advice to them, a problem that could have lethal consequences as the country’s ransomware crisis rages on. “I don’t think we’ve figured out how to talk to the small and medium-sized…
Bienville Orthopaedic Specialists notifies 243,000 patients of cyberattack
On April 1, DataBreaches reached out to Bienville Orthopaedic Specialists (BOS) in Mississippi to ask about a claim by Abyss threat actors that they had compromised BOS. BOS never replied. But now, five months later, BOS submitted a breach notification to the Maine Attorney General’s Office. The notification indicates that 242,986 people were affected by…