The Johnstown County Report reports: A former employee at a Selma animal hospital has been charged with extortion and cyberstalking. Eduardo Figueroa, age 40, of S. Sussex Drive, Smithfield was arrested December 14 at his residence by Smithfield Police. Stolen medical records from the animal hospital were also recovered at his home, police said. On…
Oregon AG Rosenblum Settles with Avalon Healthcare over 2019 Data Breach
Although HHS OCR generally fails to take a hard enforcement line with reporting breaches by the “no later than 60 day” rule in HIPAA, state attorneys general may enforce even stricter deadlines. Read this press release: December 27 — Oregon Attorney General Ellen Rosenblum and Utah Attorney General Sean Reyes announced they’ve settled a data breach enforcement case…
A hospital’s patient data was stolen in June and they should have known it. Why are they claiming they didn’t know?
Six months after DataBreaches reported that Fitzgibbon Hospital in Missouri had been the victim of a ransomware attack by Daixin Team, the hospital has finally disclosed the incident. In a notification, the hospital claims that they detected the unauthorized access on June 6. But then they immediately make a demonstrably false statement. They state, “Though…
Retreat Behavioral Health addiction treatment centers hit by ransomware earlier this year
Retreat Behavioral Health (RBH) has addiction treatment facilities in Florida, Pennsylvania, and Connecticut. On July 1, 2022, they reportedly detected a ransomware attack. Letters were sent out this week, but because Massachusetts actually prohibits entities from providing important details in notifications to consumers, there’s a lot we don’t know about this incident yet. Specifically, the…
Worst breach notifications of 2022
This is the time of year when many sites compile their lists of worst breaches of the year. Some consider all sectors, some confine themselves to one sector. Many base their lists on number reported to some regulator. Over the years, I have compiled my own annual lists where the “worst breaches” were not always…
Bits ‘n Pieces (Trozos y Piezas)
BR: Monte Cristalina claimed by LockBit3.0 On December 19, Monte Cristalina S.A. was added to LockBit3.0’s leak site. The group claims to have 135GB of information about the holding company, and has already uploaded some data as proof. Access to Monte Cristalina’s website has been blocked, and we have found no acknowledgement or confirmation by…