AllCare Plus Pharmacy, Inc. is an IQVIA business in Massachusetts. This week, they notified the Maine Attorney General’s Office of a phishing incident that affected 5,971 patients. According to their notification, on June 21, 2022, AllCare discovered that some employees had received phishing emails. Their investigation revealed that some of the employees’ accounts had been…
Beaver Medical Group notifying patients whose information was accessed in phishing incident
Beaver Medical Group (BMG) in California is part of Optum Health. On January 24, BMG discovered unusual activity in an employee’s workstation. Their investigation revealed that an unauthorized actor had launched a targeted phishing attack that gave them access to the employee’s email account. The types of personal and protected health information in that account…
N.L. says Hive ransomware group was behind 2021 cyberattack on health systems
Rob Antle reports: The Newfoundland and Labrador government says the Hive ransomware group was behind a cyberattack that paralyzed the province’s health-care system a year and a half ago. But top government officials still won’t say whether they paid a ransom. “We can’t disclose anything about a request for a ransom, for security purposes,” Justice…
NorthStar Emergency Medical Services notifies 82,450 patients of September hacking incident
NorthStar Emergency Medical Services in Alabama is notifying 82,450 patients of an incident last year that involved protected health information. According to a notification letter and press release by NorthStar, on September 16, 2022, NorthStar detected abnormal activity in their network. Investigation subsequently revealed that an unauthorized actor had accessed files containing protected health information….
Two Men Charged for Breaching Federal Law Enforcement Database and Posing as Police Officers to Defraud Social Media Companies
A criminal complaint was unsealed today in federal court in Brooklyn charging Sagar Steven Singh and Nicholas Ceraolo with wire fraud and conspiracy to commit computer intrusions. The charges stem from Singh’s and Ceraolo’s efforts to extort victims by threatening to release their personal information online. Singh was arrested this morning in Pawtucket, Rhode Island,…
Jelly Bean Communications Design and its Manager Settle False Claims Act Liability for Cybersecurity Failures on Florida Medicaid Enrollment Website
There’s an update to the Florida Healthy Kids breach that was due to their vendor, Jelly Bean Communications, not patching vulnerabilities for seven years. The incident was reported to HHS in January 2021 as impacting 3.5 million patients. Today, the U.S. Department of Justice announced: Jelly Bean Communications Design LLC (Jelly Bean) and Jeremy Spinks…