BakerHostetler writes: On Thursday, Jan. 23, DISA Global Solutions, Inc. (DISA) provided an update to customers regarding its April 2024 cyber incident, including the results of its data review and notification plans. According to DISA, its investigation determined an unauthorized third party accessed its environment between Feb. 9, 2024, and April 22, 2024, and “procured…
Delta County Memorial Hospital District reveals more about 2024 cyberattack that affected 148,363 people
Delta County Memorial Hospital District (Delta Health) in Colorado was the victim of a cyberattack at the end of May 2024. Whatever happened — and the details still haven’t been disclosed — resulted in the provider notifying HHS on July 29 that it had suffered a breach, but the number was not yet known. The…
Cover-up Follow-up: Westend Dental starts notifying patients of October 2020 ransomware attack
In December, DataBreaches reported that the Indiana Attorney General’s Office had brought charges against Westend Dental for a number of HIPAA violations. The state had started investigating the dental practice after a patient complained about them not providing a copy of their records in response to a request. In looking into that complaint, the state…
Operation Heart Blocker: Disruption action deals blow to criminal cyber network HeartSender
During a disruption action on January 29, 2025, HeartSender servers and domains were seized by various police services. HeartSender is the name of a group of phishing software makers. The Cybercrime Team of the East Brabant police unit started an investigation at the end of 2022, after phishing software was found on the computer of…
Almost one year later, NorthBay Health notifies 569,012 people of breach of sensitive information
While some states are decreasing the amount of time entities have to notify the state or individuals of a breach, the reality is that many entities are nowhere near complying with even more lenient deadlines. HIPAA, for example, allows entities no more than 60 calendar days from discovery of a breach (the first day they…
Heart Centre Cyberattack in Australia, DragonForce Claims Responsibility for Sensitive Data Theft
SuspectFile reports: The healthcare sector continues to be a prime target for cybercriminal groups, with targeted attacks putting patient safety and medical information confidentiality at risk. The recent attack on Heart Centre, a network of cardiology clinics located in New South Wales, Australia, carried out by the DragonForce group, once again highlights the vulnerability of hospital IT…