Collaborate Disseminate
A notification by Guardant Health, Inc. in California (“Guardant”) caught DataBreaches’ eye yesterday. Guardant is a laboratory that performs cancer screening tests on samples received from its physician and hospital partners. Patient information… Continue reading Guardant notifies patients of unintended information exposure going back to October 2020
In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 t… Continue reading Fred Hutch notifies more patients of November 2023 attack
Zack Whittaker reports: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication (MFA), according to the… Continue reading Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO
Note: Marco A. De Felice (aka @amvinfe) has been doing some great investigative blogging on ransomware groups and incidents. If you’re not checking his SuspectFile site regularly, you are missing out on some of his exclusive reporting. De Feli… Continue reading United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach
CTV News reports: All 79 locations of pharmacy and retail chain London Drugs are shut down Sunday, and there is no estimate on when they will be back open. A customer service representative told CTV News “all of our systems are down” and the stores are… Continue reading All London Drugs stores closed across Western Canada due to “operational issue”
The Federal Trade Commission today announced it has finalized changes to the Health Breach Notification Rule (HBNR) that will strengthen and modernize the rule by clarifying its applicability to health apps and other similar technologies and expanding … Continue reading FTC Finalizes Changes to the Health Breach Notification Rule
It is disgraceful that there are so many huge data leaks involving sensitive personal data, and yet here we are again. Cybernews reports: Health Genie, a healthcare IT solutions provider, left an open instance, exposing patients’ personal details as w… Continue reading Unsecured Health Genie bucket exposed almost 450,000 files with patient data — Cybernews
A press release from medical technology firm LivaNova PLC indicates that patients of LivaNova U.S. are being notified of a breach first disclosed in November of 2023. An investigation at the time indicated that their systems were first accessed witho… Continue reading LivaNova to notify U.S. patients of October 2023 ransomware incident
Marianne Kolbasuk McGee reports: A second federal judge has recommended the dismissal of a second proposed class action lawsuit against Catholic hospital chain CommonSpirit over a 2022 cyberattack and data breach that affected nearly 624,000 people. Bo… Continue reading Judge Advises Dismissal of CommonSpirit Breach Lawsuit
Zack Whittaker reports: U.S. health conglomerate Kaiser is notifying millions of current and former members of a data breach after confirming it shared patients’ information with third-party advertisers, including Google, Microsoft and X (formerly Twit… Continue reading Kaiser to notify millions of a data breach after sharing patients’ data with advertisers