NY: Equinox notifies clients and employees of April data security incident

On November 15, Equinox notified clients and staff members about what they described as a data security incident on April 29. With a little digging, DataBreaches realized that it was an attack by LockBit3.0. Equinox is a human services organization tha…

Artificial intelligence and cybercrime: implications for individuals and the healthcare sector

Introduction: The malicious use of artificial intelligence has created new types of security threat for both individuals and the healthcare sector. Although artificial intelligence is a fundamental technology of our age, it has enabled the creation of …

Still in the dark: A “500 marker” is updated, but too many still aren’t. Is HHS doing anything about this??

In March 2024, LockBit3.0 added Redwood Coast Regional Center (RCRC) to its leak site. On May 3, RCRC notified HHS of the March 6 incident, reporting that 500 patients had been affected. RCRC only recently updated that report to indicate that 24,937 p…

In the midst of restructuring, Guardian Healthcare hit by ransomware attack

A recent article on the cybersecurity risks posed by mergers and acquisitions begins: When companies merge, it creates significant cybersecurity challenges in two main ways: firstly, challenges arise in integrating disparate security infrastructures, a…

Class action ping pong: Dismissal of lawsuit against Chelan Douglas Health District reversed; case goes back to Superior Court

In July 2021, Chelan Douglas Health District in Washington experienced a data breach. They disclosed the breach to the public in March 2022, surprisingly patting themselves on the back for completing their investigation in 6-7 months. A number of media…

HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000

HHS OCR announced a second ransomware investigation settlement today. This one involved Bryan County Ambulance Authority (BCAA), a provider of emergency medical services in Oklahoma. The Bryan County Ambulance Authority breach occurred in November 202…

How many similar breaches can one entity have in one year before regulators do something?

How many data breaches can an entity have before either some regulator steps in with a corrective action plan or something happens to reduce the likelihood of more breaches? Consider the following: Breach # 1 On February 22, 2022, Minuteman Senior Ser…

HHS Office for Civil Rights Settles Ransomware Cybersecurity Investigation for $500,000

A press release from HHS OCR today announces a settlement with Plastic Surgery Associates of South Dakota. In July 2017, DataBreaches reported that the entity was notifying 10,200 patients after a ransomware incident. Today, the U.S. Department …

Summit Pathology Laboratories notified 1.8 million patients of a breach. Less than 48 hours later, they were sued.

On October 18, Summit Pathology and Summit Pathology Laboratories (“Summit”) in Colorado notified HHS of a breach affecting 1,813,538 patients. By October 21, personal injury law firms started reporting on the breach and recruiting potentia…

Albany ENT & Allergy Services settles state charges stemming from two patient data breaches; agrees to spend $2.25M on security program

In April 2023, DataBreaches reported two ransomware groups had each listed Albany ENT & Allergy Services (AENT) on their respective leak sites. But one month later, when AENT sent notifications to regulators and 224,486 affected employees and pati…