Ransomware Attack on Jones Eye Clinic Affects 40,000 Patients

The Jones Eye Clinic and its affiliated surgery, CJ Elmwood Partners, based in Sioux City, Iowa, has announced that up to 40,000 patients may have had their data compromised following a ransomware attack on their systems. The ransomeware attack was discovered on August 23, 2018. Ransomware is software which denies the user access to their device, or certain files on the device, until a ransom has been paid to the scammer. The...

Read More

ERS Texas Data Breach Caused by Error in Online Portal’s Code

The Employees Retirement System of Texas (ERS) has discovered a flaw in its ERS OnLine portal which allowed some users to view other members’ details upon logging into the portal. Up to 1.25 million records may have been exposed as a result of the error. ERS, a public pension fund with over $21 billion in assets under management, has explained that an error in the website’s code affected the “Annual Out-of-Pocket Premium” function of...

Read More
UAB Medicine Encounters PHI Breach Due to Missing Laptops
Dec06

UAB Medicine Encounters PHI Breach Due to Missing Laptops

The UAB Medicine Viral Hepatitis Clinic located in Birmingham, AL has encountered a violation of patients’ protected health information (PHI). UAB Medicine employs the use of flash drives to shift data from its Fibroscan machine to a computer device. Two flash drives were discovered to be missing on October 25, 2017. The portable storage devices stored a restricted amount of PHI of 652 patients. Information captured on the devices...

Read More
Extortion Attack on Private Information of Sports Medicine Clients
Dec06

Extortion Attack on Private Information of Sports Medicine Clients

7,000 patients of Sports Medicine & Rehabilitation Therapy (SMART) have been alerted of a possible breach of the private personal information. It is believed the breach, which involved an extortion attempt, may have impacted anyone whose information was taken during a visit to a SMART center before the last day of 2016. The extortion attempt occurred in September 2017 when hackers gained access to SMART systems, allegedly stole...

Read More
New MyEtherWallet Phishing Attacks Witnessed
Oct22

New MyEtherWallet Phishing Attacks Witnessed

A new wave of MyEtherWallet phishing attacks has been witnessed which use a convincing domain and MyEtherWallet branding to trick MyEtherWallet users into sharing their credentials and providing criminals with access to their MyEtherWallet accounts. In the initial hours of the phishing campaign, the criminals responsible for the scam had obtained more than $15,000 of MyEtherWallet funds, including $13,000 from one MyEtherWallet user....

Read More
Flash Player Flaw Used to Deliver FinSpy Malware Exploited by Adobe Patches
Oct15

Flash Player Flaw Used to Deliver FinSpy Malware Exploited by Adobe Patches

Adobe has issued a new update for Flash Player to tackle an actively exploited flaw (CVE-2017-11292) that is being used by the hacking group Black Oasis to send out FinSpy malware. Finspy is not malware as you would expect, it is a legitimate software program developed by the German software company Gamma International. However, its capabilities include a variety of malware-like functions. As the name implies, FinSpy is surveillance...

Read More
Matrix Ransomware Campaign Detected by Security Researcher
Oct09

Matrix Ransomware Campaign Detected by Security Researcher

A new Matrix ransomware malvertising campaign has been detected by security researcher Jérôme Segura. The campaign employs malicious adverts to send users to a site hosting the Rig exploit kit. Flash and IE weaknesses are exploited to install the malicious file-encrypting payload. The Matrix ransomware is not a threat that hasn’t been seen before, having first been experienced in late 2016. The ransomware variant was used in...

Read More
Hackers Able to Gain Access Using New Rowhammer Exploit
Oct08

Hackers Able to Gain Access Using New Rowhammer Exploit

The Rowhammer exploit was first identified three years ago and was seen enabling hackers to access devices by using DRAM memory cells. Rowhammer attacks uses the close proximity of memory cells, making them leak their charge and change the make up of neighboring memory cells. The cyber attack involves sending constant read-write operations using carefully crafted memory access patterns to constantly activate the same memory rows,...

Read More
U.S. Organizations Targeted by FormBook Malware Attacks
Oct05

U.S. Organizations Targeted by FormBook Malware Attacks

The majority of Formbook malware cyber attacks have focused on specific industry sectors in the United States and South Korea, but there is some worry that the malware will be employed in more attacks worldwide. So far, the Aerospace industry, defense contractors and the manufacturing sector have been mainly targeted; however, attacks have not been restrcited to these sectors. The financial services, energy and utility companies,...

Read More
Multi-Function Printers Flaw Risks Password Security
Oct05

Multi-Function Printers Flaw Risks Password Security

Ruhr University Researchers have uncovered significant security flaws in multi-function printers which may be exploited remotely by hackers to shut down the printers, or more worryingly, modify documents or steal user passwords. Hackers might aslo exploit the flaws in order to physically damage printers. The security flaws have already been found in HP, Lexmark and Dell multi-function printers. Twenty such printers are now recognised...

Read More
Victims Being Blackmailed by Newly Discovered Ransomware Variant
Aug15

Victims Being Blackmailed by Newly Discovered Ransomware Variant

Proofpoint researchers have recently identified a previously unknown ransomware variant, known as “Ransoc”, which employs various techniques to extort money from its victims. As opposed to the encryption of a broad range of file types and then demanding that a ransom be paid by the victims in exchange of a key to unlock the affected data, in the case of Ransoc the victims are simply blackmailed into making payment. In standard cases...

Read More
Recent Discovery of Social Engineering Scam on LinkedIn
Aug15

Recent Discovery of Social Engineering Scam on LinkedIn

A new LinkedIn social engineering scam has been uncovered by researchers at Heimdal Security which tries to convince LinkedIn users to give their personal information. The attackers have been attempting to obtain access to users’ financial data together with identity documents, e.g. passport and driver’s license numbers, which can then be exploited in order to commit identity theft. A rather common social engineering technique,...

Read More
Children’s Hospital in Kansas City Alerts 5,500 Patients following Potential PHI Breach
Jul17

Children’s Hospital in Kansas City Alerts 5,500 Patients following Potential PHI Breach

It has been confirmed that Kansas City Children’s Mercy Hospital has now began the process of notifying more than 5,500 patients that portions of their electronic protected health information have been exposed online. It was discovered that personally identifiable information and some protected health information had been uploaded to a website that had been set up by one of the hospital’s doctors. The website was intended to be an...

Read More
Confirmation of Ransomware Attack Women’s Health Centre in Kentucky
Jul17

Confirmation of Ransomware Attack Women’s Health Centre in Kentucky

A sole-practitioner gynaecologist’s clinic in Ashland, Kentucky has become the most recent healthcare provider to be targeted by ransomware attackers. The Department of Health and Human Services’ was recently informed of the attack by Ashland Women’s Health. The healthcare practice indicated that the attack may have allowed its patients’ private health information to be accessed by the attackers. Ransomware attacks should be...

Read More
More than 1 Billion Yahoo Accounts Compromised in by 2013 Cyberattack
Jul17

More than 1 Billion Yahoo Accounts Compromised in by 2013 Cyberattack

Yahoo confirmed in September 2016 that it had been the victim of hacking which had compromised approximately half a billion accounts; however, it has now revealed that a Yahoo cyberattack in 2013 was two times as big. Apparently, the details of over 1,000,000,000 users were stolen in the 2013 Yahoo cyberattack. The Yahoo cyberattack acknowledged in September was, at the time, the largest data breach ever reported. The news was...

Read More

Medical Colleagues of Texas Hacking Case Affects 68,000 Patients

Medical Colleagues of Texas, a doctors’ alliance in Katy, TX. has found out an illegal person gotten entry to its system having the files of over 68,000 patients. The precise description of the case hasn’t been revealed and an inquiry into the safety break is continuing. The doctors’ alliance was ignorant how access was gotten to its methods at the time of sending the break notification; nevertheless, the inquiry into the break has...

Read More

95000 More Patients Revealed to Have Been Affected by Bizmatics Data Break

The OCR has gotten two more break reports from healthcare suppliers affected by the Bizmatics data break. Nearly 95K patients of the 2 healthcare services have possibly had their files accessed by cyberpunks. Southeast Eye Institute P.A, carrying out business as Eye Associates of Pinellas, has informed 87,314 patients of the break, whereas Lafayette Pain Care, PC. has possibly had the files of 7,500 people searched by cyberpunks. Eye...

Read More

4K Michigan Chiropractic Patients Informed of Possible Data Break

4,082 sick persons of Complete Chiropractic & Bodywork Therapies (CCBT) have been informed of a possible break of safeguarded health information following malware was found in one of the firm’s servers. The malware was found on 19th March, 2016, when the server failed. The failing of the server triggered CCBT’s safety procedures which incorporated stopping Internet access, separating the server, as well as altering all...

Read More

Rogue Worker Thieves 24000 Jackson Health System Patient Files

A Jackson Health System worker is accused of thieving about 24,000 patient files over a duration of 5 years. The unit secretary of the hospital has been put on administrative leave till the end of an internal inquiry into the extended HIPAA infringement. The alleged thievery of patient info has also been informed to law enforcement. Remarkably, the worker has been named but not yet sacked. This indicates that the proof already...

Read More

Hawai‘i Medical Facility Association Privacy Infringement Affects 10,800

Autonomous Blue Cross Blue Shield license holder Hawai‘i Medical Service Association (HMSA) has begun sending infringement announcement letters to 10,800 members warning them to a privacy infringement that led to one member’s medical disorder being revealed to another HMSA member. The privacy infringement was triggered by a mistake made with the dispatching of care management letters to members, which led to letters being dispatched...

Read More

Advantages of Healthcare Text Messaging Emphasized by New Analysis

Additional evidence has appeared presenting the advantages of healthcare written messaging. A recently published study in the Journal of the American Heart Association obviously indicated that an automatic mHealth interference using Smartphone and text messages tracing applications might prove to be a good approach for rising patients’ physical activity stages. The advantages of rising activity stages, particularly for patients with...

Read More

St. Vincent Breast Center Violates HIPAA with 63K-Patient Mailing

The St. Vincent Breast Center, an Indianapolis-based health care provider of analytical services for ladies, has informed that a clerical mistake has led to 63,325 patients getting a mailing having wrong information, containing the names, addresses as well as appointment times of further patients. The letters were dispatched to advise patients of Solis Women’s Health Breast Imaging Specialists of Indiana P.C and the Indianapolis...

Read More

Onsite Health Diagnostics Hack Shows 60K-Patient Files

Hackers have penetrated a decommissioned net server at healthcare Business Partner, Onsite Health Diagnostics (OHD), and got access to patient files for a period of 3 months before the incursion was identified. OHD is a Dallas-based subcontractor for offering medical screening and testing services under a health plan managed by Healthways for the state of Tennessee. The business has tens of thousands of protected health files. On...

Read More

AHMC Healthcare Omnibus Law Breach Causes 729K HIPAA Violations

The HIPAA Omnibus Law was introduced to make better standards of data safety in the healthcare business and under the new Law, businesses are needed to apply many additional processes to defend the health files of patients. While a number of organizations have updated policies and procedures to make sure conformity with the latest Law, AHMC Healthcare didn’t take action in time to avoid a security violation. Had it have done so, the...

Read More

441-Patient HIPAA Infringement Leads to 50K Fine

According to Health Insurance Portability and Accountability Act (HIPAA) rules, healthcare companies are needed to inform data infringements involving over 500 people to the Office of Civil Rights and fiscal fines apply for HIPAA breaches; nevertheless, security violations involving lesser people can still lead to penalties being imposed. During 2010, a laptop was thieved from a community non-profit hospital in Hayden, North Idaho....

Read More

UCLA Hospitals Receives $865K HIPAA Penalty for Lacking to Safeguard Superstar Medical Reports

The Division of Health and Human Services’ Office for Civil Rights has penalized the UCLA Health System $865,500 for HIPAA breaches triggered by letting the medical reports of 2 superstar patients retrieved by non-authorized people. The 2 patients affected by this safety infringement made objections concerning hospital workers having inappropriate access to their medical reports and alleged the hospital broke the rule by failing to...

Read More