On April 28, DataBreaches reported that two different ransomware groups claimed to have attacked Albany ENT & Allergy Services, P.C. in Albany, New York. This week, Albany ENT & Allergy Services notified regulators and 224,486 affected employees and patients about a breach. Their notification is stunning, however, for its lack of certain details. In their…
Tennessee Orthopaedic Clinics notifies HHS of breach; has yet to notify patients
An undated message on the Tennessee Orthopaedic Clinics website states that TOC recently responded to a security incident. They don’t say when they discovered it, but their investigation determined “that an unauthorized party accessed some of our systems between March 20, 2023, and March 24, 2023, and may have accessed or acquired certain files.” The…
NT Health throws breach notification obligations out the window; says patients should call them to find out if they were affected?!
According to Northern Territory Health’s website, the Australian government agency manages the Northern Territory public health system, operating across five service delivery regions, six hospitals, 74 health clinics, and seven corporate offices. “As NT Health, we work together as one system in partnership with individuals, families, the community, Aboriginal heath organisations and stakeholders to provide…
The Vascular Center of Intervention breach — what their notification says and what it didn’t say
On May 24, the Vascular Center of Intervention (VCI) in California submitted a breach notification to California and posted a substitute notice on VCI’s website. The notification, signed by Dr. James Lee, states that on March 29, VCI became aware of unusual activity on its network. An investigation revealed that some patient-related files had been…
Norton Healthcare didn’t call it a ransomware attack. Then BlackCat claimed responsibility for it.
On May 20, DataBreaches reported that Norton Healthcare in Kentucky and Indiana had disclosed what sounded like a ransomware incident that they discovered on May 9, but they never called it a ransomware incident, even though they stated that they had received faxed threats and demands. Today, AlphV (BlackCat) claimed responsibility for the attack and…
Morris Hospital investigating attack by Royal ransomware group
On May 22, the Royal ransomware group added Morris Hospital to their leak site with a small sample of files as proof of claims. On May 23, the hospital posted a statement on its site, prominently linked from its homepage: Morris Hospital & Healthcare Centers is actively investigating a cybersecurity incident with the assistance of…