CCM Health in Minnesota provides health services through public hospitals and healthcare facilities. In a notification letter dated March 12, 2024, they informed patients that protected health information (PHI) may have been accessed and exfiltrated during an attack that occurred between April 3 – April 10, 2023. They do not reveal when or how they…
Search Results for: HCA
HC3: Sector Alert: Social Engineering Attacks Targeting IT Help Desks in the Health Sector
April 3, 2024 TLP:CLEAR Report: 202404031000 Executive Summary HC3 has recently observed threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access to target organizations. In general, threat actors continue to evolve their tactics, techniques, and procedures (TTPs) to achieve their goals. HC3 recommends various…
Proposed CorrectCare Breach Settlement Rejected Over Equitable Treatment
Christopher Brown reports: A proposed $6.49 million settlement of a lawsuit alleging that CorrectCare Integrated Health LLC failed to protect the personal information of 647,000 people in a January 2022 data breach was rejected by a federal court. Plaintiffs Virginia Hiley, Christopher Knight, Kyle Marks, and Marlena Yates failed to show in their motion for settlement approval…
AHA seeks guidance on reporting breaches linked to Change cyberattack
Naomi Diaz reports: The American Hospital Association sent a letter to the HHS urging them to clarify whether hospitals and health systems should be providing breach notification to patients if protected health information is compromised due to the Feb. 21 cyberattack on Change Healthcare. The March 21 letter, penned to Melanie Fontes Rainer, acting director of the…
Updating: Fake seizure notice appears on AlphV site as part of suspected exit scam
In the wake of an accusatory post on Ramp Forum that claimed that AlphV admins allegedly stole a $22 million payment to an affiliate by Change Healthcare and then suspended the affiliate’s account, AlphV hastened what appears to be an exit scam on their part. Yesterday, a copy of the seizure notice posted on their…
Update: Robert A. Purbeck, aka “Lifelock, to plead guilty in Atlanta
In 2018, a criminal hacker known as “Lifelock” reached out to DataBreaches to share details about two healthcare entities that had not met his ransom demands. These entities were a dental practice in Menlo Park, California, and the Holland Eye Surgery & Laser Center in Michigan. The latter case drew more attention from DataBreaches due…