The following is part of the notice Village Senior Services Corporation d/b/a VillageCareMAX posted on their website. Note that the attacker was apparently requesting names and Medicaid ID numbers, which makes me wonder what the plan for misuse was — insurance fraud, perhaps? VillageCareMAX (“VCMAX”) is providing notice of an incident that may affect the…
Search Results for: HCA
Maze Team continues its campaign of naming, shaming, and dumping victims’ data while other attackers adopt the same model
In May, 2019, Lawrence Abrams of Bleeping Computer reported on threat actors using Maze ransomware, a then-new variant of ChaCha ransomware. As reported by Abrams, Jérôme Segura had found that the ransomware was being dropped by the Fallout exploit kit. In October, researchers also noted that it was being dropped using the Spelevo exploit kit. Since…
Security researchers — and journalists — need legislative protection in India for disclosing vulnerabilities
If there is anything positive at all about the legal bullshit 1to1Help,net has perpetrated to cover up their data leak and to deflect blame, it is the support I have received from the Internet Freedom Foundation in India. But before diving into that more, a quick update on 1to1Help’s shameful litigation: After reading the court…
As 2019 draws to a close, some entities are taking harder look at storing PHI in employee email accounts
Okay, so two exemplars doesn’t prove any kind of trend, but I’m glad to see some entities now taking steps to reduce how much PHI is stored in employee email accounts. Here are two recent incidents, both reported to HHS in December: Healthcare Administrative Partners (HAP) is a Pennsylvania-based business associate under HIPAA. On December…
IL: Former Lurie Children’s employee wrongfully accessed patient data, hospital says
WLS reports: Ann & Robert H. Lurie Children’s Hospital of Chicago is notifying some of its patients about a former employee’s access of patients’ medical records. On Nov. 15, the hospital learned that between Sept. 10, 2018 and Sept. 22, 2019, an employee accessed certain patients’ medical records without a business reason to do so,…
AL: DCH Health System patients file federal suit over ransomware attack
Howard Koplowitz reports: Four patients of the DCH Health System filed a federal class-action lawsuit Monday alleging that the three west Alabama Hospitals violated health information privacy laws and disrupted their medical care when the system was hit with a ransomware attack in October. The four patients accuse the health system of negligence, invasion of…