Collaborate Disseminate
A press release from HHS OCR today announces a settlement with Plastic Surgery Associates of South Dakota. In July 2017, DataBreaches reported that the entity was notifying 10,200 patients after a ransomware incident. Today, the U.S. Department … Continue reading HHS Office for Civil Rights Settles Ransomware Cybersecurity Investigation for $500,000
On October 18, Summit Pathology and Summit Pathology Laboratories (“Summit”) in Colorado notified HHS of a breach affecting 1,813,538 patients. By October 21, personal injury law firms started reporting on the breach and recruiting potentia… Continue reading Summit Pathology Laboratories notified 1.8 million patients of a breach. Less than 48 hours later, they were sued.
In April 2023, DataBreaches reported two ransomware groups had each listed Albany ENT & Allergy Services (AENT) on their respective leak sites. But one month later, when AENT sent notifications to regulators and 224,486 affected employees and pati… Continue reading Albany ENT & Allergy Services settles state charges stemming from two patient data breaches; agrees to spend $2.25M on security program
One cyberattack is distressing enough. But has The Eye Clinic Surgicenter been attacked by two different groups this year? Silence is not golden if patient data has already been leaked. Last week, Meow Leaks added The Eye Clinic Surgicenter in Montana… Continue reading Since June, two groups claim to have attacked The Eye Clinic Surgicenter. What do we know?
From HHS OCR: “On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach. ” As DataBreaches mentioned this morning on Infosec.Exchange, is that 100 million an … Continue reading Update to Change Healthcare breach
Microsoft writes: The healthcare sector faces a rapidly increasing range of cybersecurity threats, with ransomware attacks emerging as one of the most significant. A combination of valuable patient data, interconnected medical devices, and small IT/cyb… Continue reading US Healthcare at risk: Strengthening resiliency against ransomware attacks
On Thursday morning, ThreeAM added Carolina Arthritis to its leak site. Some ransomware groups add a listing, post some claims and a few screencaps, and then give the entity a deadline to pay up, or they leak a bit of data and then give the entity a fi… Continue reading Carolina Arthritis hit by ThreeAm ransomware attack
Reuters reports: An Indian court in the southern state of Tamil Nadu has told insurer Star Health to help Telegram identify data leaked via its messaging app so the chatbots can be deleted. The country’s biggest insurer with roughly $4 billion ma… Continue reading Indian court tells Star Health to share details of leak so Telegram can delete chatbots
On September 15, INC Ransom added OnePoint Patient Care to its leak site. The threat actors claimed to have encrypted the hospice dispensing pharmacy and pharmacy benefits management service’s files. It wasn’t long after that INC leaked all… Continue reading OnePoint Patient Care notifies almost 800,000 patients of August ransomware attack
On September 7, RansomHub added Cardiology of Virginia to its dark web leak site, claiming that about 1 TB of files had been acquired. DataBreaches assumes no payment agreement was struck as RansomHub subsequently leaked data, complete with a filelisti… Continue reading Cardiology of Virginia patient data appears to be up for sale. Has the entity issued any statement at all?