John Blacksmith

John Blacksmith is a journalist with several years' experience in both print and online publications. John has specialised in information technology in the healthcare sector and in particular in healthcare data security and privacy. His focus on healthcare data means he has specialist knowledge of the HIPAA regulations. John has a degree in journalism and many years' experience.
Northwell Health Ex-Employee Secretly Recorded Videos of Patients in Toilets

Sanjai Syamaprasad, 47 years old, from Brooklyn, NY is an ex-employee of the Northwell Health Sleep Disorders Center who was indicted by the Nassau County District Attorney’s Office. Allegedly, Syamaprasad set up a hidden camera in a bathroom’s fake smoke … Read more

WellNow Urgent Care Agreed to Settle Data Breach Litigation for $4.4 Million

WellNow Urgent Care (earlier known as Five Star Urgent Care), a community of walk-in urgent care centers in Illinois, New York, Ohio, and Michigan, has decided to pay $4.4 million to resolve a class action lawsuit. The lawsuit is associated … Read more

Rhode Island Announces the Results of RIBridges Hacking Investigation

The state of Rhode Island has published the results of the investigation conducted by cybersecurity company CrowdStrike regarding the hacking incident involving RIBridges, Rhode Island’s state benefit system. The Brain Cipher threat group was behind the attack that accessed 28 … Read more

123% Increase in Ransomware Attacks in 2 Years with More Small Ransomware Groups Emerging

Black Kite’s new research has revealed the evolving ransomware environment. Last year, a notable shift was seen from big ransomware groups doing many attacks to an increasing number of smaller groups conducting the attacks. The report is according to information … Read more

ELENOR-Corp Ransomware Group Attacks the Healthcare Sector with Mimic Ransomware Variant

According to the cybersecurity company Morphisec, a new ransomware group known as ELENOR-corp is targeting the healthcare sector. Researchers confirmed that ELENOR-corp is utilizing version 7.5 of Mimic ransomware, a ransomware strain first discovered in 2022. The new ransomware variant … Read more

Multiple Lawsuits Filed Against Southeast Series of Lockton Companies Over 1M-Record Breach

Multiple lawsuits were filed against Southeast Series of Lockton Companies (Lockton) based in Kansas City, Missouri, because of a data breach report submitted to OCR. The initial report stated that 1,706 people were impacted, but a later report indicated that over … Read more

UnitedHealth Implements Aggressive Tactics on Ransomware Attack Loan Recovery

UnitedHealth Group has taken a confrontational approach to retrieve outstanding balances on loans released to HIPAA-covered healthcare companies impacted by the Change Healthcare ransomware attack in February 2024. The attack resulted in an extended outage of Change Healthcare’s network, disrupting … Read more

Saint Louis University to Pay $2 Million to Settle Data Breach Lawsuit

St. Louis University and SSM Health Saint Louis University Hospital (SSM-SLUH) agreed to settle a class action lawsuit involving a data breach in 2023. The terms of the settlement required a $2 million fund to pay for claims, attorneys’ service … Read more

What is a HIPAA Security Incident?

A HIPAA security incident is defined by the HIPAA Security Rule as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.” It is important to emphasize that … Read more

Firmware Upgrade Required in Fortinet Products to Fix Critical FortiSwitch Vulnerability

Fortinet is telling FortiSwitch consumers to implement a firmware update immediately to correct a critical vulnerability that may be taken advantage of by a remote hacker to alter admin passwords. Daniel Rozeboom of FortiSwitch’s web UI development group discovered vulnerability … Read more

Email Account Breaches at Two Beacon Health System Business Associates

Beacon Health System, based in South Bend, Indiana, has reported two data breaches associated with two business associates. The non-profit health care system added two breach notices on its website. The incident at business associate CPS Solutions was posted on … Read more

PHI Exposed Due to Orthodontic Practice Management Software Provider Data Breach

Orthodontic practice management software provider OrthoMinds, based in Alpharetta, Georgia, recently reported a security incident that occurred in November 2024, allowing unauthorized access to patients’ protected health information (PHI). According to forensic investigation, parts of its system were exposed to … Read more

MATCH IT Act of 2025 aims to Address Patient Misidentification

The Health Insurance Portability and Accountability Act of 1996 required the creation of a national patient identifier – a unique ID for all U.S. citizens that would reliably link medical records to the correct persons. The mismatching of medical records … Read more

Is It a HIPAA Violation to Say Someone is Your Patient?

Whether it is a HIPAA violation to say someone is your patient is an event-specific determination that depends on factors such as who is speaking, who they are speaking to, and the context of the conversation. It may also be … Read more

86,000 Records in Healthcare Employees Database Compromised Online

A health technology firm in New Jersey encountered a breach of its database online, resulting in the exposure of sensitive data. Anyone could freely access the database with no need for authentication. The database associated with ESHYFT has no password … Read more

Fred Hutchinson Cancer Center Pays $11.5M to Settle a Class Action Data Breach Lawsuit

The University of Washington and Fred Hutchinson Cancer Center have decided to settle a proposed class action data breach lawsuit for $11,500,000 and set aside $13,500,000 to enhance cybersecurity. The lawsuit is a result of a cyberattack and data breach … Read more

BlackLock Ransomware Operation Increased Data Leaks by 1,425%

BlackLock is a new ransomware-as-a-service (RaaS) group that has increased attacks and might become 2025’s most prominent RaaS group. Based on ReliaQuest Threat Spotlight, the BlackLock group was initially noticed in March 2024 using the name El Dorado. It rebranded … Read more

Healthcare Organizations Targeted in 41% of 2024 Third-Party Breaches

According to new research, the healthcare industry is the most impacted by third-party breaches. Monitoring by Black Kite, a cyber risk intelligence and risk management software company, showed that 41.2% of third-party breaches occur in the healthcare sector. Improving digital … Read more

Rhode Island HIE Faces Lawsuit for Alleged HIE Data Impermissible Disclosure

Ex-HIPAA officer Darlene Morris filed a lawsuit against the Rhode Island Quality Institute (RIQI) for allegedly being fired from work for exposing its impermissible disclosures of HIE information. As a state government contractor of Rhode Island, RIQI managed the RI … Read more

Survey Shows 88% of Companies in 2024 Encountered a Ransomware Attack

The Ponemon Institute conducted a survey recently on behalf of Illumio, a provider of a zero-trust segmentation platform. Based on the survey results, 88% of participant organizations had encountered at least one ransomware attack in the last 12 months. The … Read more

Morrison Community Hospital Settles Ransomware Lawsuit for $675K

Critical access hospital Morrison Community Hospital in Illinois has decided to settle a lawsuit for $675,000. The lawsuit was associated with a ransomware attack and data breach in 2023. The BlackCat/ALPHV ransomware group behind the cyberattack on September 24, 2023, … Read more

Memorial Healthcare System to Pay $60,000 to Settle Alleged HIPAA Right of Access Violation

Florida health system South Broward Hospital District, also known as Memorial Healthcare System, has consented to resolve an alleged HIPAA Right of Access violation determined by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). The … Read more

Solara Medical Supplies Settles HIPAA Violations Paying $3M

The HHS’ Office for Civil Rights (OCR) has reported a settlement with Solara Medical Supplies, LLC to settle multiple HIPAA Rules violations. Solara Medical Supplies, LLC is a direct-to-patient supplier of medical products and a subsidiary of AdaptHealth. It is … Read more

Virtual Private Network Solutions Pays $90,000 to Resolve HIPAA Investigation

The HHS’ Office for Civil Rights (OCR) has reported reaching a settlement that ended the investigation of a ransomware attack. Because Virtual Private Network Solutions failed to perform a HIPAA-compliant risk analysis, it will pay OCR a $90,000 financial penalty. … Read more

50% of Rhode Island Residents Potentially Affected by a Ransomware Attack

The cyberattack that compelled the deactivation of Rhode Island’s public benefits system (RI Bridges) has possibly compromised the personal information of over 50% of Rhode Island’s population, around 650,000 people, as reported by state Governor Daniel McKee. McKee stated there … Read more

HIPAA Privacy Rule: New Requirements for Reproductive Healthcare Entities

In April 2024, the HHS Office for Civil Rights (OCR) released the HIPAA Privacy Rule to assist the Reproductive Healthcare Privacy Final Rule. The new rule became effective on June 23, 2024, but the last day of compliance for everything … Read more

43,000 UT Southwestern Medical Center Patients Impacted by Data Breach

UT Southwestern Medical Center (UTSW) in Texas submitted a breach report to the HHS’ Office for Civil Rights (OCR) involving an email-linked unauthorized access/disclosure incident that affected the protected health information (PHI) of about 43,048 patients. As per the substitute … Read more

Kaye-Smith Pays $2 Million to Resolve Class Action Data Breach Lawsuit

The marketing firm and mailing vendor, Kaye-Smith Enterprises, opted to settle a class action lawsuit associated with a cyberattack and data security breach in 2022. Hackers acquired access to its network, deployed ransomware for file encryption, and possibly stole sensitive … Read more

GoodRx to Pay $25 Million to Settle Tracking Technology Lawsuit

Telemedicine platform company and drug discounter GoodRx will pay $25 million to settle a consolidated class action lawsuit. When users became aware that GoodRx used website tracking tools on its platform and shared website visitor information with third parties like … Read more

Truepill Pays $7.5 Million To Settle Data Breach Lawsuit

Postmeds Inc., dba Truepill, an online pharmacy, has agreed to negotiate a class action lawsuit it faced due to a 2023 data breach that impacted 2,364,359 people. U.S. District Court Judge Haywood S. Gilliam gave preliminary approval of the plaintiffs’ … Read more

Cyber Incident Response Playbook

Cyber Incident Response Playbook Now Available to Help Manufacturers of Medical Products

The Healthcare Sector Coordinating Council (HSCC) has published a Medical Product Manufacturer Cyber Incident Playbook (MPM CIRP). This comprehensive guide is designed to help medical product manufacturers prepare for and respond effectively to cyber incidents affecting their operations. It provides … Read more

US Healthcare Organizations Targeted by New Interlock Ransomware Group

Cisco Talos Incident Response reported that a new ransomware group has been targeting the healthcare sector and has been active since September 2024. Interlock ransomware is a threat group that claims to conduct attacks for financial gain and to show … Read more

OMB’s Change of the HIPAA Security Rule

OMB’s Review of the Proposed Change to the HIPAA Security Rule

In December 2023, the Department of Health and Human Services (HHS) published its cybersecurity strategy for the healthcare sector, detailing a list of actions to be implemented to improve cybersecurity across the healthcare industry, including voluntary performance targets. These voluntary … Read more

UMC Health’s EHR System is Back After Ransomware Attack

UMC Health System based in Lubbock, Texas reported the progress of its recovery from the ransomware attack in September. The ransomware attack impacted several systems, including the systems used by Texas Tech Physicians and Texas Tech University Health Sciences Center. … Read more

F5 BIG-IP Unencrypted Cookie Exploitation

CISA Issues Alert to F5 BIG-IP Users on Unencrypted Cookie Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns for F5 BIG-IP users, warning that malicious actors are exploiting unencrypted cookies to gain information into internal network servers, potentially leading to targeted attacks on vulnerable systems. F5 BIG-IP … Read more

Choosing the Right HIPAA Compliance Software

HIPAA compliance software helps a covered entity deal with the issues of HIPAA by streamlining and automating compliance and undertaking comprehensive risk management processes. Smaller organizations that have less than 100 employees assign the responsibility for HIPAA compliance to an … Read more

National Cybersecurity Awareness Month

Observing National Cybersecurity Awareness Month in 2024

National Cybersecurity Awareness Month is a month-long event held in October aimed at promoting cybersecurity and sharing best practices to help individuals and organizations protect themselves online. The theme in 2024 is “Secure Our World.” The awareness campaign will be … Read more

Ransomware Attack on Ascension's Financial Recovery

Impact of the Ransomware Attack on Ascension’s Financial Recovery

Healthcare system Ascension based in St. Louis, MO encountered a ransomware attack in May 2024 that considerably impacted the company, both operationally and financially. Because of the attack, Ascension diverted ambulances, closed pharmacies, took down critical IT systems, and used … Read more

Why Cyberattackers Target Third-Party Vendors

Recent big data breaches that affected third-party vendors like Change Healthcare targeted critical security risk management issues for business associates and vendors. These breaches have proven the necessity of security measures and comprehensive monitoring of third-party vendors, specifically in the … Read more

OSHA’s New Online Database of Reported Severe Workplace Injuries

The Department of Labor’s Occupational Safety and Health Administration (OSHA) has introduced a new online dashboard designed to simplify searching its severe injury report database and tracking workplace injury trends in states under federal OSHA jurisdiction. Beginning January 1, 2015, … Read more

57% More Active Ransomware Groups in H1 2024

Searchlight Cyber reported a 57% increase in the number of active ransomware groups. In H1 of 2023, 46 active ransomware groups were identified from posts on dark web data leak sites compared to 72 active groups in H1 of 2024. … Read more

Atlantic General Hospital Pays $2.25 Million to Resolve Data Breach Lawsuit

Atlantic General Hospital in Berlin, MD, has proposed a $2.24 million settlement to resolve a class action lawsuit associated with a ransomware attack in 2023. The settlement proposal was given preliminary approval by the court. The nonprofit hospital identified the … Read more

Radar/Dispossessor Ransomware Group Operations Disrupted by the FBI

The Federal Bureau of Investigation (FBI) spearheaded a global operation that successfully dismantled the infrastructure of the Radar/Dispossessor ransomware group, a criminal ransomware-as-a-service (RaaS) group led by someone known as ‘Brain’. The operation led to the takedown of the group’s … Read more

Blood Supplies Affected by Ransomware Attack on OneBlood

OneBlood, a nonprofit blood donation organization based in Florida, encountered a ransomware attack that is impacting its capability to supply blood to hospitals in the U.S. OneBlood supplies blood to about 250 hospitals in Alabama, Georgia, Florida, and South and … Read more

EPA Urged to Develop a Strategy to Address Cybersecurity Risks in Water Sector

The U.S. water and wastewater systems are dealing with an increasingly serious threat from cyberattacks, which could have lasting consequences for public health and environmental safety. A report from the U.S. Government Accountability Office (GAO) has found weaknesses within these … Read more

74% of Ransomware Victims Suffered Multiple Ransomware Attacks

A new study by the cybersecurity company Semperis showed that companies tend to be attacked by ransomware groups several times. 74% of organizations that encountered a ransomware attack reported experiencing multiple attacks. These attacks caused problems at 87% of targeted … Read more

10 Million Unique Acadian Ambulance Records Stolen by Daixin Team

Acadian Ambulance reported a cyberattack in June 2024 that upset the functionality of selected computer systems. Daixin Team said it was behind the ransomware attack and threatened to release the stolen information to the public when no ransom is paid. … Read more

NextGen Healthcare Faces Legal Battle Over 2023 Data Breaches

Overview of the Data Breaches: The health information technology company NextGen Healthcare is currently embroiled in a legal battle following two data breaches that took place in 2023. These incidents exposed sensitive patient information, leading to a wave of lawsuits … Read more

Phishing Attack on Memorial Sloan Kettering Cancer Center

Memorial Sloan Kettering Cancer Center (MSK) based in New York City has reported the compromise of the protected health information (PHI) of 12,274 people due to a phishing attack. On April 26, 2024, MSK discovered suspicious activity in the email … Read more

$3.4M Settlement Proposed by Nationwide Vision/Sightcare to Resolve Class Action Lawsuit

A $3.45 million settlement was proposed to resolve a combined class action lawsuit associated with a data breach at USV Optical, a U.S. Vision subsidiary. The 2021 data breach impacted over 710,000 people, which included 73,073 Nationwide Optometry patients and … Read more