Arkansas Oral & Facial Surgery Center disclosed a ransomware incident that may or may not have resulted in access to protected health information. As they explain in their notice to patients of September 24, 2017: On July 26, 2017, Arkansas Oral & Facial Surgery Center discovered that its computer network had been impacted by ransomware,…
Search Results for: HCA
Did a media blackout on reporting on TheDarkOverlord allow them to mushroom in the dark?
By the end of 2016, a number of journalists and/or their employers had made an ethical decision not to report on hacks and in-progress extortion attempts by TheDarkOverlord. But did the lack of coverage enable the criminals to expand their operations without any public attention or public pressure on law enforcement to pursue them aggressively? …
Another victim of TheDarkOverlord comes forward
On September 1, I reported that a breach disclosure by Hand Rehabilitation Specialists to the Vermont Attorney General’s Office was actually an incident that had involved TheDarkOverlord, a hacker or hacking collective who have been targeting the healthcare sector since last March or April. That notification did not name TheDarkOverlord as attackers. Nor did it…
EXCLUSIVE: Hand Rehabilitation Specialists notifies patients of possible hack by TheDarkOverlord
Back around the Fourth of July holiday, I was busy attempting to confirm some claimed hacks by TheDarkOverlord (TDO). And no, I’m not referring to any entities I’ve previously named on this site, but yet other healthcare entities I’ve never named. In encrypted chats, TDO had provided me with samples of patient data from approximately…
Yet another breach due to envelope windows?! CVS Caremark exposes patients’ HIV status in mailings
I can almost hear Yogi Berra saying, “It’s deja vu all over again.” Lou Chibbaro Jr. reports: CVS Caremark, a division of the CVS pharmacy and healthcare company, abruptly discontinued a mailing last week to patients in Ohio receiving HIV-related medication from the company after it learned that a reference to “HIV” appeared above the…
UK: Nottinghamshire County Council fined £70,000 for data protection breach
From the Information Commissioner’s Office: A council has been fined £70,000 by the Information Commissioner’s Office (ICO) for leaving vulnerable people’s personal information exposed online for five years. The Data Protection Act requires organisations to take appropriate measures to keep personal data secure, especially when dealing with sensitive information. But Nottinghamshire County Council posted the…