The U.K.’s Information Commissioner’s Office issued the following statement today: We have issued a reprimand to the Electoral Commission after hackers gained access to servers that contained the personal information of approximately 40 million people. In August 2021, hackers successfully accessed the Electoral Commission’s Microsoft Exchange Server by impersonating a user account and exploiting known…
Curbing liabilities for hacked health systems
Daniel Payne, Ben Leonard, and Chelsea Cirruzzo report: THE LIABILITY QUESTION — State lawmakers, concerned by what they consider to be overreaching class-action lawsuits against health care organizations over data breaches, are moving to curb liability for them, Ben reports. Tennessee is the latest in a string of states to move to reduce liability for organizations that adopt…
Northeast Rehabilitation Hospital Network’s “incident” was a ransomware attack with data leaked, but they haven’t said that.
Northeast Rehabilitation Hospital Network (“NRHN”) is a comprehensive network of physical rehabilitation services that includes four inpatient hospitals and 25+ outpatient rehabilitation clinics. It also provides pain management and specialized pediatric outpatient rehabilitation. On July 19, NRHN notified the U.S. Department of Health & Human Services (HHS) of a “hacking/IT incident” that affected 501 patients. The “501” is…
UAB study postcard discloses patient information
Haven’t seen a postcard health data breach in a while, but here we are. WBRC in Birmingham Alabama reports The UAB School of Nursing has informed 1,655 patients this week of an incident in which a study recruitment postcard sent to the patients inadvertently shared protected health information (PHI). According to a press release from…
Wyatt Detention Center hit with federal lawsuit over data breach
Alexander Castro reports: A data breach at Donald W. Wyatt Detention Facility had 10 times the number of victims originally estimated last year, according to a class-action lawsuit filed last week in Rhode Island U.S. District Court. The breach occurred on Nov. 2, 2023. Four days before Christmas, the Central Falls facility publicized that the personal data of…
Newborn data allegedly accessed by doctor seeking profit
It’s an old story, but it continues to occur: insiders using data to open their own businesses or practices. This time, 800 people are being notified by Windsor area hospitals in Canada that their babies’ data was “inappropriately accessed” by a pediatrician within Windsor Regional Hospital. Travis Fortnum reports: In a statement sent to CTV…