Abby Sewell reports that Los Angeles County Department of Health Services computers were hit with a ransomware attack just days after a similar attack on Hollywood Presbyterian Medical Center. The attack was on a smaller scale and the county did not pay any ransom. Nor, it seems, did they need to. Spokesman Michael Wilson said the agency…
IL: FHN Memorial Hospital reveals hard drive with patient info was stolen in December
Adam Poulisse reports: A computer hard drive containing patient information was stolen from FHN Memorial Hospital in December. The hard drive did not contain medical records, but did have internal reports and spreadsheets with patient data, according to a FHN news release. The files may have included a patient’s name, Social Security number, contact information,…
BJC HealthCare Accountable Care Organization Notifies Patients of Unencrypted Email
(Feb. 26, 2016, ST. LOUIS) – BJC HealthCare Accountable Care Organization (BJC ACO) has notified 2,393 patients that identifying information was sent to a participating medical practice through an unencrypted email. All affected patients have been offered identity theft protection free of charge. BJC ACO discovered on Dec. 30, 2015, that an email containing health information…
Hacker Claims to Have Sold 27M Mate1.com Passwords
Joseph Cox reports: A hacker on the dark web forum Hell claims to have sold the email addresses and plaintext passwords of over 27 million users of dating site Mate1.com. “Their server was compromised and the MySQL database was dumped,” the hacker, who asked to remain anonymous, told Motherboard. “I had shell/command access to their server.” Read…
HIPAA Covered Entities Not Responsible For Intercepted Transmission of PHI When Individual Requested Unsecured Transmission, Office for Civil Rights Concludes
Joseph Lazzarotti of Jackson Lewis highlights an important note in recent OCR guidance: What is a covered entity’s obligation under the Breach Notification Rule if it transmits an individual’s PHI to a third party designated by the individual in an access request, and the entity discovers the information was breached in transit? If a covered…
Snapchat “just impossibly sorry” after employee payroll data compromised in BEC scam
John Russell reports that a number of Snapchat’s current and former employees had their payroll information stolen after an employee fell for what has become a common attack known as BEC (Business Email Compromise). In BEC, a scammer poses as a corporate executive and sends an email requesting payroll or customer data. “Last Friday, Snapchat’s payroll department was targeted by an…