The other day, I wondered aloud whether there was anything the American Medical Collection Agency (Retrieval Masters) could have done after they were hacked to keep their big clients like Quest Diagnostics and LabCorp. An interesting report by Marianne Kolbasuk McGee on BankInfoSecurity suggests that there might have been. McGee reports that newly submitted court…
OH: Edgepark Medical Supplies notifying 6,572 patients after a “password spray attack”
It appears that RGH Enterprises, Inc., d/b/a Edgepark Medical Supplies, has had another HIPAA breach. The first time they came to this site’s attention was in January, 2014, when they disclosed a 2013 malware incident that had gone undetected for nine months and potentially impacted 4,230 patients. Then in January, 2018, they notified HHS and…
Wise Health notifies almost 36,000 after phishing attack compromised employees’ email accounts
Last week, I read a breach notification from Wise Health in Texas, and I duly noted it in my monthly worksheet. Not all incidents logged in my worksheet get reported on the blog, but I do include them in my monthly statistical analyses. Today, however, I see that Wise Health reported the incident to HHS…
PA: Software firm, health care provider accuse each other of theft
Nicholas Malfitano reports on a lawsuit in which a healthcare provider, Post Acute Medical, LLC (PAM), accuses the former owner and operator of its computerized records database, Christopher LeBlanc and Meridian Hospital Systems Corporation of Dallas, Texas, of illegally retaining its confidential patient data. The suit was filed in federal court for the Middle District…
UK: Former motor industry worker ordered to pay £25,500 from proceeds of data theft
A motor industry employee who was sentenced to six months in prison in November 2018 for accessing personal data without permission, has been ordered to pay a £25,500 confiscation order in a case brought by the Information Commissioner’s Office (ICO). Following a hearing at Wood Green Crown Court, London on 15 July, the judge determined…
Lenovo Confirms 36TB Data Leak Security Vulnerability
Davey Winder reports: Lenovo has confirmed that a “high severity” security vulnerability has left users of specific network-attached storage devices with data exposed to anyone who went looking for it. How much data? How does at least 36TB grab you? That’s the number that the security researchers who uncovered the vulnerability in the Lenovo-EMC storage…