Italian Data Protection Authority Accuses ChatGPT of violating GDPR

OpenAI’s ChatGPT Faces Data Protection Challenges in Italy.  In recent developments, the italian data protection authority, Garante, has taken a firm stance against OpenAI, the company behind ChatGPT, for potential breaches of the European Union’s General Data Protection Regulation (GDPR). The Italian watchdog originally initiated an investigation last year, resulting in a temporary ban of … Read more

Data Breach Reports by Columbus Regional Healthcare System, Senior PsychCare, and Aria Care Partners

133K Record Data Breach at Columbus Regional Healthcare System Columbus Regional Healthcare System located in Whiteville, NC, has informed the Maine Attorney General about a patient data theft due to a cybersecurity incident. Unauthorized people got access to its system from May 19, 2023, to May 21, 2023 and extracted files. The file analysis was … Read more

MOVEit Hack Impacts Delta Dental of California and Pan-American Life Insurance Group

MOVEit Hack Impacts 7 Million People from Delta Dental of California Delta Dental of California reported that it suffered from a mass exploitation conducted by the Clop hacking group of a zero-day vulnerability identified in the MOVEit Transfer solution by Progress Software. Delta Dental of California, a member of the Delta Dental Plans Association, is … Read more

Data Breaches Reported by Fairfax Oral and Maxillofacial Surgery, Henwood Family Dentistry, Piedmont Healthcare and Surround Care

Fairfax Oral and Maxillofacial Surgery Ransomware Attack Impacts 236,000 Individuals Fairfax Oral and Maxillofacial Surgery based in Virginia has reported the potential compromise of the protected health information (PHI) of around 235,931 persons in a ransomware attack last May 2023. The healthcare provider detected the security incident on May 16, 2023, upon noticing the encryption … Read more

Finding the Common Causes of Hacking/IT Incidents

The common source of healthcare data breach data is HHS Office for Civil Rights Breach Report. Although it is an important source of data to know the developments in data breaches, the Breach Report has limited scope since it merely shows data breaches impacting five hundred or more persons. In addition, when covered entities and … Read more

Data Breaches Reported by Cummins Behavior Health, Redwood Coast Regional Center and Other Healthcare Entities

Data of 4 Million Coloradans Exposed in MOVEit Transfer Attack The Colorado Department of Health Care Policy and Financing (HCPF), which supervises the Medicaid program of the state and the Child Health Plan Plus (CHP+) program, has just reported the compromise of the protected health information (PHI) of 4,091,794 people. The attack happened at IBM, … Read more

Delaware’s Comprehensive Data Privacy Law and HSCC’s Coordinated Healthcare Incident Response Plan Template

Comprehensive Data Privacy Law Passed by the Delaware Legislature The Delaware legislature passed a comprehensive new data privacy law. Delaware Governor John Charles Carney Jr is likely to sign the Personal Data Privacy Act making Delaware the 12th U.S. state to implement a comprehensive data privacy law. Unlike the data privacy laws in the other … Read more

Proposed HIPAA Privacy Rule Update and CISA’s Updated Zero Trust Maturity Model

The HHS’ Office for Civil Rights has issued a Notice of Proposed Rulemaking (NPRM) concerning a  HIPAA Privacy Rule update to reinforce the protection of privacy for reproductive health information. The proposed revision is in response to the decision of the Supreme Court in Dobbs v. Jackson Women’s Health Organization as well as the overturning of Roe v. Wade, which … Read more

Data Breaches Reported by Dental Health Management Solutions, Nursing Rehab Centre, The Chautauqua Center, Northeast Surgical Group, and White Bird Clinic

Dental Health Management Solutions Alerted Patients About Historic Data Breach Dental Health Management Solutions (DHMS) based in Cedar Park, TX provides the military/government and private individuals with dental services. It recently reported the exposure of the protected health information (PHI) of some patients as a result of a hacking incident in 2021. In the notification … Read more

Roundup of Recent Data Breaches and Cyber Attacks

mscripts Cloud Storage Misconfiguration Exposed PHI for 6 Years The mobile pharmacy company, mscripts, has just reported that its misconfigured cloud storage environment resulted in the exposure of client information on the internet for the last 6 years. mscripts discovered the misconfiguration and fixed it on November 18, 2022. Since September 30, 2016, the cloud … Read more

Applications of AI in Healthcare

The subject of AI in healthcare frequently gets different responses. Although a number of people believe in the advantages of using AI in healthcare and the substantial rewards to patients, other people have worries concerning the ethics of AI in healthcare and hesitate in the use of AI in healthcare due to insufficient understanding of … Read more

Cyberattack on FMC Services, Kaye-Smith and Johnson Memorial Hospital

FMC (Family Medicine Centers) Services based in Amarillo, TX recently reported a hacking incident it discovered and blocked on July 26, 2022. A third-party cybersecurity company conducted a forensic investigation to find out the nature and extent of the cyberattack. That investigation didn’t find any proof that indicates the purpose of the cyberattack was to … Read more

2.65 Million Victims of OneTouchPoint Ransomware Attack

The number of persons impacted by the ransomware attack on OneTouchPoint, the mailing and printing vendor based in Hartland, WI, has now grown to 2,651,396 people. One of the most recent companies to confirm being impacted by the attack is Common Ground Healthcare Cooperative based in Brookfield, WI. The cyberattack affected 133,714 of the Cooperative’s … Read more

Data Breaches at Healthback Holdings, City of Newport, and OrthoArizona

Healthback Holdings has begun sending notifications to 21,114 persons regarding the likely access and theft of some of their protected health information (PHI) by unauthorized individuals. The Oklahoma City home health provider noticed odd activity inside its email account on June 1, 2022. A third-party cybersecurity company helped look into the incident. It was affirmed … Read more

President Biden Approves Executive Order to Keep Access to Reproductive Healthcare Services Safe

President Biden has approved an executive order that aspires to safeguard access to reproductive healthcare assistance. This happened right after the SCOTUS ruling that vetoed Roe v. Wade, which provided women the right to decide on their own reproductive healthcare about 50 years ago. President Biden stated that the government should not interfere with these … Read more

Former IT Consultant Facing Charges on Purposefully Causing Ruin to Healthcare Company’s Server

An IT specialist who worked as a service provider at a suburban healthcare organization in Chicago has been accused of illegally acquiring access to the firm’s network and deliberately causing ruin to a protected PC. Aaron Lockner, 35 years old, from Downers Grove, IL, was employed at an IT organization that had an agreement with … Read more

HHS Alerts HPH Sector Concerning Insider Threats in Medical Care

A lot of healthcare data breaches are taking place, however, not all privacy and security issues arise from outside the company. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HCC) has just given an advisory regarding insider threats. Insider Threats in Healthcare Cybercriminal gangs, nation-state hacking groups, and single hackers have … Read more

Advisory Issued Regarding Phishing Campaigns Involving Trusted Email Marketing Platforms

Because of a recent data breach at Mailchimp, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued a warning about the risk of phishing attacks using this email marketing platform. The breach was discovered when Trezor, a cryptocurrency hardware wallet provider, looked into a phishing campaign targeting its clients that … Read more

DataHealth, JDC Healthcare Management, and Dr. Douglas C. Morrow Report Hacks and Ransomware Attacks

DataHealth DataHEALTH, the cloud hosting and data storage company based in Austin, TX, has announced a ransomware attack on November 3, 2021. Immediate action was undertaken to manage the incident and a third-party cybersecurity agency was involved to inspect the incident. DataHEALTH mentioned it found out on December 30, 2021, that the threat actors got … Read more

State Attorney General to Scrutinize Rhode Island Public Transit Authority Data Breach

The Rhode Island Public Transit Authority (RIPTA) lately informed the Department of Health and Human Services’ Office for Civil Rights concerning a data breach that impacted the protected health information (PHI) of 5,015 customers of its group health plan. RIPTA mentioned in a breach notice posted on its web page that it identified and blocked … Read more

Data Breaches Reported by True Health New Mexico & Educators Mutual Insurance Association

The medical insurance company True Health New Mexico located in Albuquerque, NM began alerting selected health plan members concerning the breach and likely theft of their protected health information (PHI). The data breach incident was discovered by True Health New Mexico on October 5, 2021. Steps had been taken immediately to secure its IT systems. … Read more

University Hospital Newark Alerts 9,000 People About Historic Insider Data Breach

University Hospital Newark (NY) has found out that a former worker had accessed the protected health information(PHI) of thousands of patients without authorization over the duration of a year. That information was later disclosed to other people who were likewise not approved to view the details. Insider breaches like this are pretty common, though what … Read more

CISA Released Insider Threat Self-Assessment Tool

Public and private industry companies have a new tool that can be used to evaluate how much they are vulnerable to insider threats. The Cybersecurity and Infrastructure Security Agency (CISA) created this new Insider Threat Risk Mitigation Self-Assessment Tool to help end-users increase their knowledge about insider threats and create prevention and mitigation plans. In … Read more

NCCoE Publishes Final Cybersecurity Practice Guide on Mobile Application Solo Sign-On for First Responders

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) just published the latest edition of the NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders. Public safety and first responder (PSFR) staff need on-demand access to public safety information to … Read more

Insider Breach Affects Long Island Jewish Forest Hills Hospital Patients

Long Island Jewish Forest Hills Hospital (LIJFH) has begun informing a number of patients regarding an insider data breach that affected their health records. LIJFH mentioned in its breach notification letters that it discovered an unauthorized medical record access occurrence approximately January 24, 2020. LIJFH received a subpoena for records associated with an investigation by … Read more

Record GDPR Penalty of $886 Million Issued to Amazon

The Data Protection Authority of Luxembourg, Commission Nationale pour la Protection des Données (CNPD), has penalized Amazon.com with €746 million ($886 million) to settle its EU General Data Protection Regulation (GDPR) violations. Since May 25, 2018, the GDPR has been in effect giving EU citizens legal rights regarding their personal data and put limitations on … Read more

Bill Requiring the Texas State AG to Publish Data Breach ‘Wall of Shame’ Gets Approval

The Texas Legislature followed what California and Maine had done in approving a bill requiring the Texas Attorney General to publish notices regarding personal data breaches that affect state residents on the public-facing web portal of the state Attorney General. The amendment of the Texas Business and Commerce Code § 521.053, now known as House … Read more

Data Breaches at Arizona Asthma and Allergy Institute, Stillwater Medical Center and Nebraska Department of Health and Human Services

Arizona Asthma and Allergy Institute sent breach notification letters to 70,372 patients who obtained services between October 1, 2015 and June 15, 2020. As per the breach notice, a selection of their personal data and protected health information (PHI) such as names, patient ID numbers, healthcare provider names, health insurance data, and treatment cost details … Read more

Third-Party Phishing Attack Impacts Around 34,862 Lafourche Medical Group Patients

Urgent care center operator Lafourche Medical Group located in Louisiana has informed 34,862 patients regarding a security breach that likely impacted their protected health information (PHI). Lafourche Medical Group discovered on March 30, 2021 that a third-party accountant had clicked a phishing email that imitated one of the business owners of Lafourche Medical Group and … Read more

Ransomware Gangs Use New Triple Extortion Tactics

After the DarkSide ransomware attack on Colonial Pipeline, a number of ransomware gangs have stopped activity or have executed guidelines that their affiliates are required to follow, which include stopping all attacks on critical infrastructure companies, medical care companies, and government institutions. A few well-known hacking forums are separating themselves from ransomware and have prohibited … Read more

Higher Ransom Payment Due to Accellion FTA Data Exfiltration Extortion Attacks

The latest Coveware Quarterly Ransomware Report states that the growth in ransomware attacks in 2020 has persisted in 2021 as most threat actors target the healthcare industry. 11.6% of all attacks in quarter 1 of 2021 were healthcare ransomware attacks, the same with the public sector attacks. Attacks on professional services companies accounted for 24.9% … Read more

Data Breaches Reported by the American College of Emergency Physicians, Epilepsy Florida and VEP Healthcare

The American College of Emergency Physicians (ACEP) has commenced notifying some of its members regarding the unauthorized access of their personal data that was located on a server. Besides offering professional company services to its members, ACEP offers management services to companies such as Society for Emergency Medicine Physician Assistants (SEMPA), the Emergency Medicine Residents’ … Read more

UPMC and Charles Hilton and Associates Charged With Class Action Lawsuit Due to 36,000-Record Breach

University of Pittsburgh Medical Center (UPMC) and the law agency Charles Hilton and Associates are dealing with a class-action lawsuit because of a breach of the protected health information (PHI) of 36,000 UPMC patients. Charles Hilton and Associates, which manages UPMC’s collections, reported that attackers had acquired access to the email accounts of a number … Read more

Virginia Consumer Data Protection Act Approved

Governor Ralph Northam has approved the Virginia Consumer Data Protection Act (CDPA). CDPA necessitates individuals running a business in the Commonwealth of Virginia to abide by new data privacy and security conditions. The CDPA will be effective on January 1, 2023. The CDPA has similarities with a number of the privacy and security conditions of … Read more

PHI Exposed as a Result of Data Breaches at Pennsylvania Adult & Teen Challenge And Gore Medical Management

Pennsylvania Adult & Teen Challenge located in Rehrersburg, PA announced that an unauthorized individual obtained access to worker email accounts that included the PHI of 7,771 people. This provider operates addiction treatment programs for adults and youngsters. On July 29, 2020, the provider noticed suspicious things in an email account and had taken action to … Read more

$75,000 Paid by Renown Health to Settle its HIPAA Right of Access Case

The Department of Health and Human Services’ Office for Civil Rights (OCR) is moving forward with its campaign to stop noncompliance with the HIPAA Right of Access. OCR reported its fifteenth settlement this week that resolved a HIPAA Right of Access enforcement action. Renown Health, a Northern Nevada non-profit healthcare network, agreed to pay a … Read more

Philadelphia Department of Public Health Ends Vaccine Distribution Agreement Due to Alleged Privacy Breaches

The contract of Philly Fighting COVID to dispense COVID-19 vaccines in Philadelphia city with the Philadelphia Department of Public Health was terminated because of allegations that the company’s privacy policies possibly made possible the sale of private information to third parties. Philly Fighting COVID started out as a nonprofit company providing coronavirus screening and then … Read more

$5.1 Million Penalty Paid by Excellus Health Plan to Settle HIPAA Violation Case

Health insurance company Excellus Health Plan agreed to pay the Department of Health and Human Services’ Office for Civil Rights $5.1 million as a penalty to settle its HIPAA violation case associated with the 2015 data breach that affected 9.3 million individuals. Excellus Health Plan uncovered the data breach in 2015, the same year when … Read more

Twitter Paid $544,000 Penalty for its GDPR Data Breach Violations

Twitter paid a penalty of €450,000 ($544,600) for its General Data Protection Regulation (GDPR) violation. Ireland’s Data Protection Commission (DPC) issued a penalty that is related to the privacy breach report submitted by Twitter last January 2019. On January 8, 2019, Twitter International Company sent to the DPC a breach notification letter. On January 22, … Read more

Ransomware Attack Disables Campbell County Health Services

A ransomware attack at Campbell County Health has disrupted hospital services and left the organization unable to access patient information.  Campbell County Health, based in Gillette, Wyoming, stated that the ransomware attack began at 3:30 am on Friday, September 20, 2019. The attack caused ‘serious computer issues’ and left the hospital unable to offer many … Read more

Irish Internet Browser Claims Google is Operating GDPR ‘Workaround’

Irish Internet browser Brave has claimed that they have offered new information to the Data Protection Commission (DPC) in Ireland which proves that Google has been trying to bypass General Data Protection Regulation (GDPR) legislation.  Brave claims that Google has implemented this workaround to share the data of Google users with a network of advertising … Read more

Over 70 Employee Email Accounts Compromised in Phishing Attack on NCH Healthcare System

NCH Healthcare System is preparing to notify patients that their protected health information may have been compromised in a phishing attack. On June 14, 2019, NCH Healthcare System, based in Bonita Springs, Florida, noticed suspicious email activity on its payroll database. NCH immediately investigated the incident and discovered that 73 employees had replied to a … Read more

Swedish High School Issued GDPR Fine

A high school in Sweden has become the first organization to be issued a General Data Protection Regulation fine by Sweden’s Data Protection Authority (DPA). The school in Skellefteå, in the north-east of Sweden, was fined 200,000 SEK (€19,000/$21,000) for using facial recognition technology in classrooms for three weeks in early 2018. The study, run … Read more

Irish DPC Releases GDPR Breach Notification Guidance

The supervisory authority for the General Data Protection Regulations (GDPR) in Ireland has released a set of guidelines on issuing GDPR breach notifications.  The Irish Data Protection Commission (DPC) has stated that the guidelines aim to help data controllers understand GDPR’s stringent requirements for sending notifications to the data protection authority and subjects whose personal … Read more

Western Connecticut Health Network Patient Information Exposed in Mailing Incident

Western Connecticut Health Network is sending breach notification letters to patients whose protected health information (PHI) may have been exposed in a postal incidence.  On June 11, 2019, Western Connecticut Health Network (WCHN), now known as Nuvance Health, sent a box containing medical records to the Connecticut State Department of Public Health using the U.S. … Read more

Monzo Contacts 500,000 Customers Following PIN Security Breach

Monzo has contacted 500,000 customers following a data breach which saw customer PINs accessible to employees of the digital bank for more than a year.  The incident, which may constitute a breach of the EU’s General Data Protection Regulation (GDPR) breach, has prompted Monzo to advise them to change their PINs. On August 2, Monzo … Read more

Perry County Medical Center Notifying Patients Following Phishing Attack

Perry County Medical Center, Inc. d/b/a Three Rivers Community Health Group, has announced that it is notifying patients following a phishing attack which saw patient data compromised.  Perry Country Medical Center, a health care centre based in Linden, Tennessee, noticed suspicious activity on an employee email account on May 28, 2019. The IT department were … Read more

ICO Hits BA with £183.39 million GDPR Fine for 2018 Data Breach

British Airways (BA) has been hit by a GDPR fine of £183.39 million by the UK Information Commissioners Office (ICO) for a 2018 data breach. The ICO investigation revealed that hackers stole the data of more than half a million BA customers, including sensitive information such as login credentials, payment card numbers, names, and addresses. … Read more

Dominion Health Data Breach Affects 3 Million Members

Dominion National is notifying patients of a data security incident that first stated in 2010 and has affected nearly 3 million members. Dominion National is a health insurer, health plan administrator, and administrator of dental and vision benefits based in Virginia. Staff at the organization discovered the breach after an internal alert on their system … Read more