University Hospital Newark Alerts 9,000 People About Historic Insider Data Breach

University Hospital Newark (NY) has found out that a former worker had accessed the protected health information(PHI) of thousands of patients without authorization over the duration of a year. That information was later disclosed to other people who were likewise not approved to view the details. Insider breaches like this are pretty common, though what … Read more

CISA Released Insider Threat Self-Assessment Tool

Public and private industry companies have a new tool that can be used to evaluate how much they are vulnerable to insider threats. The Cybersecurity and Infrastructure Security Agency (CISA) created this new Insider Threat Risk Mitigation Self-Assessment Tool to help end-users increase their knowledge about insider threats and create prevention and mitigation plans. In … Read more

NCCoE Publishes Final Cybersecurity Practice Guide on Mobile Application Solo Sign-On for First Responders

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) just published the latest edition of the NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders. Public safety and first responder (PSFR) staff need on-demand access to public safety information to … Read more

Insider Breach Affects Long Island Jewish Forest Hills Hospital Patients

Long Island Jewish Forest Hills Hospital (LIJFH) has begun informing a number of patients regarding an insider data breach that affected their health records. LIJFH mentioned in its breach notification letters that it discovered an unauthorized medical record access occurrence approximately January 24, 2020. LIJFH received a subpoena for records associated with an investigation by … Read more

Data Breaches at Arizona Asthma and Allergy Institute, Stillwater Medical Center and Nebraska Department of Health and Human Services

Arizona Asthma and Allergy Institute sent breach notification letters to 70,372 patients who obtained services between October 1, 2015 and June 15, 2020. As per the breach notice, a selection of their personal data and protected health information (PHI) such as names, patient ID numbers, healthcare provider names, health insurance data, and treatment cost details … Read more

Third-Party Phishing Attack Impacts Around 34,862 Lafourche Medical Group Patients

Urgent care center operator Lafourche Medical Group located in Louisiana has informed 34,862 patients regarding a security breach that likely impacted their protected health information (PHI). Lafourche Medical Group discovered on March 30, 2021 that a third-party accountant had clicked a phishing email that imitated one of the business owners of Lafourche Medical Group and … Read more

Ransomware Gangs Use New Triple Extortion Tactics

After the DarkSide ransomware attack on Colonial Pipeline, a number of ransomware gangs have stopped activity or have executed guidelines that their affiliates are required to follow, which include stopping all attacks on critical infrastructure companies, medical care companies, and government institutions. A few well-known hacking forums are separating themselves from ransomware and have prohibited … Read more

Data Breaches Reported by the American College of Emergency Physicians, Epilepsy Florida and VEP Healthcare

The American College of Emergency Physicians (ACEP) has commenced notifying some of its members regarding the unauthorized access of their personal data that was located on a server. Besides offering professional company services to its members, ACEP offers management services to companies such as Society for Emergency Medicine Physician Assistants (SEMPA), the Emergency Medicine Residents’ … Read more

UPMC and Charles Hilton and Associates Charged With Class Action Lawsuit Due to 36,000-Record Breach

University of Pittsburgh Medical Center (UPMC) and the law agency Charles Hilton and Associates are dealing with a class-action lawsuit because of a breach of the protected health information (PHI) of 36,000 UPMC patients. Charles Hilton and Associates, which manages UPMC’s collections, reported that attackers had acquired access to the email accounts of a number … Read more

PHI Exposed as a Result of Data Breaches at Pennsylvania Adult & Teen Challenge And Gore Medical Management

Pennsylvania Adult & Teen Challenge located in Rehrersburg, PA announced that an unauthorized individual obtained access to worker email accounts that included the PHI of 7,771 people. This provider operates addiction treatment programs for adults and youngsters. On July 29, 2020, the provider noticed suspicious things in an email account and had taken action to … Read more

$75,000 Paid by Renown Health to Settle its HIPAA Right of Access Case

The Department of Health and Human Services’ Office for Civil Rights (OCR) is moving forward with its campaign to stop noncompliance with the HIPAA Right of Access. OCR reported its fifteenth settlement this week that resolved a HIPAA Right of Access enforcement action. Renown Health, a Northern Nevada non-profit healthcare network, agreed to pay a … Read more

Philadelphia Department of Public Health Ends Vaccine Distribution Agreement Due to Alleged Privacy Breaches

The contract of Philly Fighting COVID to dispense COVID-19 vaccines in Philadelphia city with the Philadelphia Department of Public Health was terminated because of allegations that the company’s privacy policies possibly made possible the sale of private information to third parties. Philly Fighting COVID started out as a nonprofit company providing coronavirus screening and then … Read more

$5.1 Million Penalty Paid by Excellus Health Plan to Settle HIPAA Violation Case

Health insurance company Excellus Health Plan agreed to pay the Department of Health and Human Services’ Office for Civil Rights $5.1 million as a penalty to settle its HIPAA violation case associated with the 2015 data breach that affected 9.3 million individuals. Excellus Health Plan uncovered the data breach in 2015, the same year when … Read more

Ransomware Attack Disables Campbell County Health Services

A ransomware attack at Campbell County Health has disrupted hospital services and left the organization unable to access patient information.  Campbell County Health, based in Gillette, Wyoming, stated that the ransomware attack began at 3:30 am on Friday, September 20, 2019. The attack caused ‘serious computer issues’ and left the hospital unable to offer many … Read more

Over 70 Employee Email Accounts Compromised in Phishing Attack on NCH Healthcare System

NCH Healthcare System is preparing to notify patients that their protected health information may have been compromised in a phishing attack. On June 14, 2019, NCH Healthcare System, based in Bonita Springs, Florida, noticed suspicious email activity on its payroll database. NCH immediately investigated the incident and discovered that 73 employees had replied to a … Read more

Western Connecticut Health Network Patient Information Exposed in Mailing Incident

Western Connecticut Health Network is sending breach notification letters to patients whose protected health information (PHI) may have been exposed in a postal incidence.  On June 11, 2019, Western Connecticut Health Network (WCHN), now known as Nuvance Health, sent a box containing medical records to the Connecticut State Department of Public Health using the U.S. … Read more

Perry County Medical Center Notifying Patients Following Phishing Attack

Perry County Medical Center, Inc. d/b/a Three Rivers Community Health Group, has announced that it is notifying patients following a phishing attack which saw patient data compromised.  Perry Country Medical Center, a health care centre based in Linden, Tennessee, noticed suspicious activity on an employee email account on May 28, 2019. The IT department were … Read more

Dominion Health Data Breach Affects 3 Million Members

Dominion National is notifying patients of a data security incident that first stated in 2010 and has affected nearly 3 million members. Dominion National is a health insurer, health plan administrator, and administrator of dental and vision benefits based in Virginia. Staff at the organization discovered the breach after an internal alert on their system … Read more

Summa Health Notifies 10,000 Patients of Data Security Incident

Summa Health is in the process of notifying 10,000 patients of a data security incident which resulted in sensitive data being compromised. On May 1, 2019, Summa Health, based in Akron, Ohio, noticed suspicious activity on its email platform and immediately investigated the situation. They quickly discovered that an unauthorised individual had gained access to … Read more

Union Labor Life Insurance Phishing Attack Affects 87,000 Individuals

A phishing attack at Union Labor Life Insurance (ULLI) has compromised the protected health information (PHI) of more than 87,000 individuals. ULLI, a subsidiary The Ullico Inc., discovered the attack shortly after it commenced on April 1, 2019. The IT department successfully managed to revoke unauthorized access within 90 minutes of the account being compromised. … Read more

Today’s Vision Medical Records Found in Texas Dumpster

The medical records of Today’s Vision patients have been found in a dumpster in Tomball, Texas. Today’s Vision is an optometry services provider with over 50 independently owned clinics. More than 20 boxes of records patients and employees were found in a dump behind the strip mall in Tomball. Soon after the discovery of the … Read more

Inmediata Breach Notification Letters Sent to Incorrect Addresses

A mailing error at Inmediata has seen breach notification letters being sent to the incorrect addresses. Inmediata was sending the breach notification letters after it was discovered that a webpage that should have only been accessible to Inmediata employees was indexed by search engines and therefore publicly available. This security breach was the result of … Read more

DC Attorney General Proposes Stricter Data Breach Notification Laws

Washington D.C. Attorney General Karl. A. Racine has proposed stricter data breach notification laws. He anticipates that the new laws would provide greater protection to DC residents should their data be compromised in a data breach incident. AG Racine introduced the Security Breach Protection Amendment Act on March 21, 2019. This Act updates the definition … Read more

14,000 Main Line Endoscopy Center Patients Affected by Phishing Attack

A phishing attack at Main Line Endoscopy Centers has compromised the sensitive data of over 14,000 patients. Main Line Endoscopy Centers, a network of outpatient endoscopy facilities in the Malvern, Bala Cynwyd, and Media regions of Pennsylvania discovered the attack on January 30, 2019. Investigators were unable to determine when the attacker first gained access … Read more

SpamTitan Email Security Solution Now Features Sandboxing and DMARC Authentication

Protecting against zero-day malware and advanced phishing attacks can be a major challenge for SMBs and managed service providers (MSPs). To better protect against these advanced threats, TitanHQ, the leading provider of email security solutions to the SMB market, has added two new features to its award-winning spam filtering solution: SpamTitan. These features were introduced … Read more

Unauthorised Individual Gains Access to St. Francis Health System Patient Data

The Bon Secours St. Francis Health System has announced that unauthorised individual gained access to some of their patients’ protected health information (PHI). The hacker compromised the systems of Milestone Family Medicine, a medical facility based in Greenville, SC. Milestone Family Medicine was affiliated with St. Francis Physicians Services (SFPS) until February 24, 2019. SFPS … Read more

Cottage Health Pays $3,000,000 to OCR for HIPAA Violations

Cottage Health has agreed to pay a $3,000,000 settlement to the Department of Health and Human Services’ Office for Civil Rights (OCR) for two data breaches resulting from HIPAA violations. Cottage Health is a non-profit health provider based in Santa Barbara, California. The organisation operates four hospitals-Santa Barbara Cottage Hospital, Santa Ynez Cottage Hospital, Goleta … Read more

Ransomware Attack on Jones Eye Clinic Affects 40,000 Patients

The Jones Eye Clinic and its affiliated surgery, CJ Elmwood Partners, based in Sioux City, Iowa, has announced that up to 40,000 patients may have had their data compromised following a ransomware attack on their systems. The ransomeware attack was discovered on August 23, 2018. Ransomware is software which denies the user access to their … Read more

SecureWorks Discovers Cobalt Dickens URL Spoofing Campaign

SecureWorks has discovered Cobalt Dickens, an Iranian threat group, has launched a URL spoofing campaign targeting universities in more than a dozen countries. On their website, SecureWorks stated that security researchers working in their Counter Threat Unit discovered the phishing campaign. Threat actors spoofed a university login page to steal the login credentials of university … Read more

417,000 Files Compromised in Augusta Health Phishing Attack

Augusta University Health has announced that a successful phishing attack has resulted in a hacker gaining access to over 417,000 sensitive files. The University of Augusta announced a substituted substitute breach notice posted on its website. The announcement states that the breach was discovered on 31 July. IT security staff changed the password to the … Read more

Extortion Attack on Private Information of Sports Medicine Clients

7,000 patients of Sports Medicine & Rehabilitation Therapy (SMART) have been alerted of a possible breach of the private personal information. It is believed the breach, which involved an extortion attempt, may have impacted anyone whose information was taken during a visit to a SMART center before the last day of 2016. The extortion attempt … Read more

New MyEtherWallet Phishing Attacks Witnessed

A new wave of MyEtherWallet phishing attacks has been witnessed which use a convincing domain and MyEtherWallet branding to trick MyEtherWallet users into sharing their credentials and providing criminals with access to their MyEtherWallet accounts. In the initial hours of the phishing campaign, the criminals responsible for the scam had obtained more than $15,000 of … Read more

Matrix Ransomware Campaign Detected by Security Researcher

A new Matrix ransomware malvertising campaign has been detected by security researcher Jérôme Segura. The campaign employs malicious adverts to send users to a site hosting the Rig exploit kit. Flash and IE weaknesses are exploited to install the malicious file-encrypting payload. The Matrix ransomware is not a threat that hasn’t been seen before, having … Read more

Hackers Able to Gain Access Using New Rowhammer Exploit

The Rowhammer exploit was first identified three years ago and was seen enabling hackers to access devices by using DRAM memory cells. Rowhammer attacks uses the close proximity of memory cells, making them leak their charge and change the make up of neighboring memory cells. The cyber attack involves sending constant read-write operations using carefully … Read more

U.S. Organizations Targeted by FormBook Malware Attacks

The majority of Formbook malware cyber attacks have focused on specific industry sectors in the United States and South Korea, but there is some worry that the malware will be employed in more attacks worldwide. So far, the Aerospace industry, defense contractors and the manufacturing sector have been mainly targeted; however, attacks have not been … Read more

Multi-Function Printers Flaw Risks Password Security

Ruhr University Researchers have uncovered significant security flaws in multi-function printers which may be exploited remotely by hackers to shut down the printers, or more worryingly, modify documents or steal user passwords. Hackers might aslo exploit the flaws in order to physically damage printers. The security flaws have already been found in HP, Lexmark and … Read more

Victims Being Blackmailed by Newly Discovered Ransomware Variant

Proofpoint researchers have recently identified a previously unknown ransomware variant, known as “Ransoc”, which employs various techniques to extort money from its victims. As opposed to the encryption of a broad range of file types and then demanding that a ransom be paid by the victims in exchange of a key to unlock the affected … Read more

Recent Discovery of Social Engineering Scam on LinkedIn

A new LinkedIn social engineering scam has been uncovered by researchers at Heimdal Security which tries to convince LinkedIn users to give their personal information. The attackers have been attempting to obtain access to users’ financial data together with identity documents, e.g. passport and driver’s license numbers, which can then be exploited in order to … Read more

Children’s Hospital in Kansas City Alerts 5,500 Patients following Potential PHI Breach

It has been confirmed that Kansas City Children’s Mercy Hospital has now began the process of notifying more than 5,500 patients that portions of their electronic protected health information have been exposed online. It was discovered that personally identifiable information and some protected health information had been uploaded to a website that had been set … Read more

Confirmation of Ransomware Attack Women’s Health Centre in Kentucky

A sole-practitioner gynaecologist’s clinic in Ashland, Kentucky has become the most recent healthcare provider to be targeted by ransomware attackers. The Department of Health and Human Services’ was recently informed of the attack by Ashland Women’s Health. The healthcare practice indicated that the attack may have allowed its patients’ private health information to be accessed … Read more

95000 More Patients Revealed to Have Been Affected by Bizmatics Data Break

The OCR has gotten two more break reports from healthcare suppliers affected by the Bizmatics data break. Nearly 95K patients of the 2 healthcare services have possibly had their files accessed by cyberpunks. Southeast Eye Institute P.A, carrying out business as Eye Associates of Pinellas, has informed 87,314 patients of the break, whereas Lafayette Pain … Read more

4K Michigan Chiropractic Patients Informed of Possible Data Break

4,082 sick persons of Complete Chiropractic & Bodywork Therapies (CCBT) have been informed of a possible break of safeguarded health information following malware was found in one of the firm’s servers. The malware was found on 19th March, 2016, when the server failed. The failing of the server triggered CCBT’s safety procedures which incorporated stopping … Read more