In 2014, Nuance Communications discovered that anyone could access protected health information on one of its platforms. After the situation persisted for years, a former employee decided to submit a whistleblower complaint to HHS. For his efforts, he spent more than one year fending off threatened federal hacking charges, even though no hacking was involved….
Search Results for: HCA
HC3 Threat Profile: Evil Corp
The following is not a paragraph from a story about fictional cybercriminals called Evil Corp. The following paragraph is from a white paper released this week by the U.S. Department of Health & Human Services because there is a criminal enterprise known as Evil Corp that poses a serious threat to the healthcare sector. Typographical…
CorrectHealth notifies employees of breach in 2021; makes changes
CorrectHealth in Georgia is a private provider of healthcare services to incarcerated individuals. In November 2021, they discovered a data breach involving some employees’ email accounts. They did not reveal when the breach occurred, and it seems it took them until July 2022 to investigate and identify the 54,066 individuals they are notifying. Nothing on…
Massive cyberattack leads to class action suit against provider chain Avamere
John Hall reports: Attorneys representing a potentially large group of residents and employees of nursing home behemoth Avamere Holdings announced they have filed a class action suit accusing the long-term care provider of failing to protect its residents and staff from a massive cyberattack. The operator faces the class-action lawsuit over a data breach believed to have affected more…
San Diego American Indian Health Center: over 27,000 people are affected by data theft
Marco A. De Felice reports: 27,367 people, including patients and healthcare / administrative staff, were affected by the theft of sensitive data after the ransomware-type cyber attack last May 5 at the San Diego American Indian Health Center (“SDAIHC”) in the state of California. Recall that, among the people involved in the theft of their sensitive data, there…
HC3: Analyst Note: Karakurt Threat Profile
HC3: Analyst Note TLP: White Report: 202208241200 Executive Summary Karakurt ransomware group, also known as the Karakurt Team and Karakurt Lair, is a relatively new cybercrime group, with researchers reporting its first emergence in late 2021. Karakurt actors claim to steal data and then threaten to auction it off or release it to the public…