On February 25, Pasquotank-Camden Emergency Medical Service in North Carolina reported a breach to HHS that affected 20,420 patients. A notification sent to the Vermont Attorney General’s Office explained that sometime in late December, 2018, the county became aware of an unauthorized intrusion from outside of the U.S. Investigation revealed that the intruder was able…
Lawmakers introduce bipartisan bill for ‘internet of things’ security standards
Jacqueline Thomsen reports: A bipartisan group of lawmakers on Monday unveiled legislation that would create cybersecurity standards for internet-connected devices, often known as the “internet of things.” The bill, introduced in the Senate by Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.) and in the House by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.),…
Carmel Unified School District notifies employees of phishing incident
Ouch. This isn’t a W-2 phishing attack, but in some ways, it seems even worse. Carmel Unified School District notified employees that a successful phishing attack had gained access to an employee’s email account that had “a limited number of documents.” Those documents may have contained employees’ or dependents’ information: Employee social security numbers Spouses’…
Maffi Clinic notifies 10,465 after ransomware incident
On September 11, 2018, Maffi Clinics in Arizona joined the ranks of those attacked by ransomware. From their notification letter (see below), it appears that the clinic was prepared and quickly implemented their incident response plan. The consulting firm promptly identified the unauthorized access point and terminated it; isolated and removed the ransomware; and restored…
Delaware Guidance Services notifies 50,000 parents and guardians after ransomware incident
On February 26, Delaware Guidance Services for Children and Youth, Inc. (“DGS”) sent a letter to parents and guardians of their young patients. The letter explained that on December 25, 2018, DGS had become the victim of a ransomware attack that had locked up the patient records. Those records contained personal information, such as name,…
Pharmacy benefits management vendor discloses ransomware incident
Direct Scripts, a pharmacy benefit management service provider in Ohio, recently notified more than 9,300 patients after discovering that they had been the victim of a ransomware attack. Direct Scripts became aware of the attack on January 30, and immediately launched an investigation to determine what had happened and if any patient protected health information…