Did University of Utah Health really have three phishing incidents this year? Maybe not. I was confused when I saw a new listing on HHS’s public breach tool this week. The incident, reported to HHS on July 20, reportedly affected 10,000 patients and involved PHI located in email. As such, it seemed to match an…
Search Results for: HCA
Hakbit ransomware campaign targeting specific European countries
Derek Kortepeter reports: Proofpoint researchers have published findings on a campaign involving the Hakbit ransomware. As their blog post states, the ransomware is being spread via spear-phishing emails targeted at individuals in “mid-level positions across the pharmaceutical, legal, financial, business service, retail, and healthcare sector.” The attacks, described as low-volume, are specifically targeting employees of organizations located in…
Grays Harbor County Hospital Settlement
Grays Harbor Community Hospital in Washington suffered a ransomware attack in 2019. Despite their best efforts, not all data was recoverable. And not surprisingly in our litigious society, a lawsuit was filed against it. According to a proposed settlement announced this week, the lawsuit claims that Grays Harbor was responsible for the Data Incident and…
Hackers obtain Covid-19 patient database in protest at treatment of Indian health workers
Joe Wallen reports: Hackers claim they have accessed the personal data of 80,000 Covid-19 patients in New Delhi stored on a local government website, in protest at the treatment of beleaguered healthcare workers. The Kerala Cyber Hackers group says it broke into the Delhi Government’s Delhi State Health Mission website in less than 10 minutes on Saturday night. Read…
Magellan ransomware attack impacted multiple subsidiaries and affiliates (UPDATE 2)
On May 12, DataBreaches.net reported that Magellan Health was notifying an unspecified number of individuals as a result of a ransomware attack. At the time they wrote their notification letter, Magellan stated that investigators had found that a subset of data had been exfiltrated from a single corporate server. As explained in their first notification…
Why weren’t patients told that their data was dumped publicly?
On May 13, DataBreaches.net reported that Ako ransomware operators revealed that they had attacked North Shore Pain Management in Massachusetts. The threat actors announced the attack and dumped some of the practice’s files when the medical practice did not pay their ransom demand. The data dump, consisting of more than 4 GB of more than…