Summa Health Notifies 10,000 Patients of Data Security Incident

Summa Health is in the process of notifying 10,000 patients of a data security incident which resulted in sensitive data being compromised. On May 1, 2019, Summa Health, based in Akron, Ohio, noticed suspicious activity on its email platform and immediately investigated the situation. They quickly discovered that an unauthorised individual had gained access to … Read more

Union Labor Life Insurance Phishing Attack Affects 87,000 Individuals

A phishing attack at Union Labor Life Insurance (ULLI) has compromised the protected health information (PHI) of more than 87,000 individuals. ULLI, a subsidiary The Ullico Inc., discovered the attack shortly after it commenced on April 1, 2019. The IT department successfully managed to revoke unauthorized access within 90 minutes of the account being compromised. … Read more

Today’s Vision Medical Records Found in Texas Dumpster

The medical records of Today’s Vision patients have been found in a dumpster in Tomball, Texas. Today’s Vision is an optometry services provider with over 50 independently owned clinics. More than 20 boxes of records patients and employees were found in a dump behind the strip mall in Tomball. Soon after the discovery of the … Read more

Inmediata Breach Notification Letters Sent to Incorrect Addresses

A mailing error at Inmediata has seen breach notification letters being sent to the incorrect addresses. Inmediata was sending the breach notification letters after it was discovered that a webpage that should have only been accessible to Inmediata employees was indexed by search engines and therefore publicly available. This security breach was the result of … Read more

DC Attorney General Proposes Stricter Data Breach Notification Laws

Washington D.C. Attorney General Karl. A. Racine has proposed stricter data breach notification laws. He anticipates that the new laws would provide greater protection to DC residents should their data be compromised in a data breach incident. AG Racine introduced the Security Breach Protection Amendment Act on March 21, 2019. This Act updates the definition … Read more

14,000 Main Line Endoscopy Center Patients Affected by Phishing Attack

A phishing attack at Main Line Endoscopy Centers has compromised the sensitive data of over 14,000 patients. Main Line Endoscopy Centers, a network of outpatient endoscopy facilities in the Malvern, Bala Cynwyd, and Media regions of Pennsylvania discovered the attack on January 30, 2019. Investigators were unable to determine when the attacker first gained access … Read more

SpamTitan Email Security Solution Now Features Sandboxing and DMARC Authentication

Protecting against zero-day malware and advanced phishing attacks can be a major challenge for SMBs and managed service providers (MSPs). To better protect against these advanced threats, TitanHQ, the leading provider of email security solutions to the SMB market, has added two new features to its award-winning spam filtering solution: SpamTitan. These features were introduced … Read more

Unauthorised Individual Gains Access to St. Francis Health System Patient Data

The Bon Secours St. Francis Health System has announced that unauthorised individual gained access to some of their patients’ protected health information (PHI). The hacker compromised the systems of Milestone Family Medicine, a medical facility based in Greenville, SC. Milestone Family Medicine was affiliated with St. Francis Physicians Services (SFPS) until February 24, 2019. SFPS … Read more

Cottage Health Pays $3,000,000 to OCR for HIPAA Violations

Cottage Health has agreed to pay a $3,000,000 settlement to the Department of Health and Human Services’ Office for Civil Rights (OCR) for two data breaches resulting from HIPAA violations. Cottage Health is a non-profit health provider based in Santa Barbara, California. The organisation operates four hospitals-Santa Barbara Cottage Hospital, Santa Ynez Cottage Hospital, Goleta … Read more

Ransomware Attack on Jones Eye Clinic Affects 40,000 Patients

The Jones Eye Clinic and its affiliated surgery, CJ Elmwood Partners, based in Sioux City, Iowa, has announced that up to 40,000 patients may have had their data compromised following a ransomware attack on their systems. The ransomeware attack was discovered on August 23, 2018. Ransomware is software which denies the user access to their … Read more

SecureWorks Discovers Cobalt Dickens URL Spoofing Campaign

SecureWorks has discovered Cobalt Dickens, an Iranian threat group, has launched a URL spoofing campaign targeting universities in more than a dozen countries. On their website, SecureWorks stated that security researchers working in their Counter Threat Unit discovered the phishing campaign. Threat actors spoofed a university login page to steal the login credentials of university … Read more

417,000 Files Compromised in Augusta Health Phishing Attack

Augusta University Health has announced that a successful phishing attack has resulted in a hacker gaining access to over 417,000 sensitive files. The University of Augusta announced a substituted substitute breach notice posted on its website. The announcement states that the breach was discovered on 31 July. IT security staff changed the password to the … Read more

Extortion Attack on Private Information of Sports Medicine Clients

7,000 patients of Sports Medicine & Rehabilitation Therapy (SMART) have been alerted of a possible breach of the private personal information. It is believed the breach, which involved an extortion attempt, may have impacted anyone whose information was taken during a visit to a SMART center before the last day of 2016. The extortion attempt … Read more

New MyEtherWallet Phishing Attacks Witnessed

A new wave of MyEtherWallet phishing attacks has been witnessed which use a convincing domain and MyEtherWallet branding to trick MyEtherWallet users into sharing their credentials and providing criminals with access to their MyEtherWallet accounts. In the initial hours of the phishing campaign, the criminals responsible for the scam had obtained more than $15,000 of … Read more

Matrix Ransomware Campaign Detected by Security Researcher

A new Matrix ransomware malvertising campaign has been detected by security researcher Jérôme Segura. The campaign employs malicious adverts to send users to a site hosting the Rig exploit kit. Flash and IE weaknesses are exploited to install the malicious file-encrypting payload. The Matrix ransomware is not a threat that hasn’t been seen before, having … Read more

Hackers Able to Gain Access Using New Rowhammer Exploit

The Rowhammer exploit was first identified three years ago and was seen enabling hackers to access devices by using DRAM memory cells. Rowhammer attacks uses the close proximity of memory cells, making them leak their charge and change the make up of neighboring memory cells. The cyber attack involves sending constant read-write operations using carefully … Read more

U.S. Organizations Targeted by FormBook Malware Attacks

The majority of Formbook malware cyber attacks have focused on specific industry sectors in the United States and South Korea, but there is some worry that the malware will be employed in more attacks worldwide. So far, the Aerospace industry, defense contractors and the manufacturing sector have been mainly targeted; however, attacks have not been … Read more

Multi-Function Printers Flaw Risks Password Security

Ruhr University Researchers have uncovered significant security flaws in multi-function printers which may be exploited remotely by hackers to shut down the printers, or more worryingly, modify documents or steal user passwords. Hackers might aslo exploit the flaws in order to physically damage printers. The security flaws have already been found in HP, Lexmark and … Read more

Victims Being Blackmailed by Newly Discovered Ransomware Variant

Proofpoint researchers have recently identified a previously unknown ransomware variant, known as “Ransoc”, which employs various techniques to extort money from its victims. As opposed to the encryption of a broad range of file types and then demanding that a ransom be paid by the victims in exchange of a key to unlock the affected … Read more

Recent Discovery of Social Engineering Scam on LinkedIn

A new LinkedIn social engineering scam has been uncovered by researchers at Heimdal Security which tries to convince LinkedIn users to give their personal information. The attackers have been attempting to obtain access to users’ financial data together with identity documents, e.g. passport and driver’s license numbers, which can then be exploited in order to … Read more

Children’s Hospital in Kansas City Alerts 5,500 Patients following Potential PHI Breach

It has been confirmed that Kansas City Children’s Mercy Hospital has now began the process of notifying more than 5,500 patients that portions of their electronic protected health information have been exposed online. It was discovered that personally identifiable information and some protected health information had been uploaded to a website that had been set … Read more

Confirmation of Ransomware Attack Women’s Health Centre in Kentucky

A sole-practitioner gynaecologist’s clinic in Ashland, Kentucky has become the most recent healthcare provider to be targeted by ransomware attackers. The Department of Health and Human Services’ was recently informed of the attack by Ashland Women’s Health. The healthcare practice indicated that the attack may have allowed its patients’ private health information to be accessed … Read more

95000 More Patients Revealed to Have Been Affected by Bizmatics Data Break

The OCR has gotten two more break reports from healthcare suppliers affected by the Bizmatics data break. Nearly 95K patients of the 2 healthcare services have possibly had their files accessed by cyberpunks. Southeast Eye Institute P.A, carrying out business as Eye Associates of Pinellas, has informed 87,314 patients of the break, whereas Lafayette Pain … Read more

4K Michigan Chiropractic Patients Informed of Possible Data Break

4,082 sick persons of Complete Chiropractic & Bodywork Therapies (CCBT) have been informed of a possible break of safeguarded health information following malware was found in one of the firm’s servers. The malware was found on 19th March, 2016, when the server failed. The failing of the server triggered CCBT’s safety procedures which incorporated stopping … Read more

Hawai‘i Medical Facility Association Privacy Infringement Affects 10,800

Autonomous Blue Cross Blue Shield license holder Hawai‘i Medical Service Association (HMSA) has begun sending infringement announcement letters to 10,800 members warning them to a privacy infringement that led to one member’s medical disorder being revealed to another HMSA member. The privacy infringement was triggered by a mistake made with the dispatching of care management … Read more

Advantages of Healthcare Text Messaging Emphasized by New Analysis

Additional evidence has appeared presenting the advantages of healthcare written messaging. A recently published study in the Journal of the American Heart Association obviously indicated that an automatic mHealth interference using Smartphone and text messages tracing applications might prove to be a good approach for rising patients’ physical activity stages. The advantages of rising activity stages, particularly … Read more

St. Vincent Breast Center Violates HIPAA with 63K-Patient Mailing

The St. Vincent Breast Center, an Indianapolis-based health care provider of analytical services for ladies, has informed that a clerical mistake has led to 63,325 patients getting a mailing having wrong information, containing the names, addresses as well as appointment times of further patients. The letters were dispatched to advise patients of Solis Women’s Health … Read more

Onsite Health Diagnostics Hack Shows 60K-Patient Files

Hackers have penetrated a decommissioned net server at healthcare Business Partner, Onsite Health Diagnostics (OHD), and got access to patient files for a period of 3 months before the incursion was identified. OHD is a Dallas-based subcontractor for offering medical screening and testing services under a health plan managed by Healthways for the state of … Read more

441-Patient HIPAA Infringement Leads to 50K Fine

According to Health Insurance Portability and Accountability Act (HIPAA) rules, healthcare companies are needed to inform data infringements involving over 500 people to the Office of Civil Rights and fiscal fines apply for HIPAA breaches; nevertheless, security violations involving lesser people can still lead to penalties being imposed. During 2010, a laptop was thieved from … Read more

UCLA Hospitals Receives $865K HIPAA Penalty for Lacking to Safeguard Superstar Medical Reports

The Division of Health and Human Services’ Office for Civil Rights has penalized the UCLA Health System $865,500 for HIPAA breaches triggered by letting the medical reports of 2 superstar patients retrieved by non-authorized people. The 2 patients affected by this safety infringement made objections concerning hospital workers having inappropriate access to their medical reports … Read more