AP reports: A former employee at a northwestern New Mexico hospital walked off with information on nearly 7,500 patients, hospital officials said. Documents in cardboard boxes turned up in storage units near Farmington. They were taken from the Northern Navajo Medical Center in Shiprock last fall without authorization, officials said. Read more on KOAT. Notification…
Hackers broke into hospitals despite software flaw warnings
Update: MedStar subsequently denied this report. See Ars Technica’s coverage of their response. Original story: Tami Abdollah reports: The hackers who seriously disrupted operations at a large hospital chain recently and held some data hostage broke into a computer server left vulnerable despite urgent public warnings since at least 2007 that it needed to be…
Metropolitan Jewish Health System notifies members and patients of phishing incident
Notice Regarding Phishing Email Incident Metropolitan Jewish Health System, Inc. and its participating agencies and programs (including Menorah Home and Hospital for the Aged and Infirm d/b/a Menorah Center for Rehabilitation and Nursing Care; Metropolitan Jewish Home Care, Inc. d/b/a MJHS Home Care; MJHS Hospice and Palliative Care, Inc.; Institute for Applied Gerontology d/b/a MJHS…
King’s Daughters’ Health shut down systems after Locky detected.
On March 30, they wrote: Exercising an abundance of caution, computer systems at King’s Daughters’ Health were intentionally shut down on Wednesday morning after a single-user’s files were infected with a ransomware virus known as Locky. At this time, all patient data remains secure and has not been affected or compromised, according to Linda Darnell,…
University of Liverpool database of 6,500 staff posted on dark Web forum
John E. Dunn reports: Israeli researchers have discovered the contact details for everyone working and teaching at the University of Liverpool circulating on a dark Web forum where it is being promoted to launch targeted phishing attacks. Read more on ComputerworldUK. For many universities, such contact details are considered public domain and/or are freely available on…
Don’t let embarrassment about a data breach cost you even more
There’s an interesting commentary by Evan Schuman on Computerworld today. Nobody likes to be embarrassed. That goes for company executives. This fact of human nature helps explain why the breach-disclosure laws that have been adopted by many states can be leveraged by data thieves for even more profit than they could realize before. Evan notes…