IT Security Incidents

Email Account Breaches Impact PHI of 40,000 Individuals

Three healthcare providers have reported data breaches that affected the email accounts of employees. The occurrences potentially resulted in the exposure and likely theft of the protected health information (PHI) of around 40,000 people. Region IV Area Agency on Aging … Read more

82% Of Healthcare Companies Have Suffered an IoT Cyberattack during the Last 18 Months

Medigate and CrowdStrike performed new research which presented the degree to which hackers are attacking healthcare Internet of Things (IoT) devices and alerts about the disturbing status of IoT security in the medical care sector. The amount of IoT devices … Read more

Ransomware Attacks Reported by Victory Health Partners and Strategic Benefits Advisors

Victory Health Partners Alerts Patients Concerning September 2021 Ransomware Attack Victory Health Partners based in Mobile, AL has informed patients concerning a ransomware attack it detected on September 23, 2021. Before the attackers encrypted the files, they exfiltrated sensitive information … Read more

University Hospital Newark Alerts 9,000 People About Historic Insider Data Breach

University Hospital Newark (NY) has found out that a former worker had accessed the protected health information(PHI) of thousands of patients without authorization over the duration of a year. That information was later disclosed to other people who were likewise … Read more

19,000 People Impacted by Ransomware Attack on Directions for Living

The non-profit behavioral health service provider Directions for Living based in Clearwater, FL experienced a ransomware attack last July 17, 2021. When Directions for Living found out about the attack, it let law enforcement and got third-party computer forensics experts … Read more

Alaska DHSS Claims May 2021 Cyberattack Has Potential Effect on All Alaskans

The Alaska Department of Health and Social Services (DHSS) will commence sending notification letters to all people in the state informing them about the possible exposure of their personal and health data due to a highly advanced cyberattack performed by … Read more

Unauthorized Individuals Accessed CareATC Email Accounts

Population health management firm CareATC based in Tulsa, OK, has learned that unauthorized people have accessed the email accounts of two workers and possibly acquired access to the personal data of patients and workers. CareATC started an investigation on June … Read more

SonicWall Threat Report Indicates Substantial Growth in Ransomware Attacks

SonicWall publicized a Cyber Threat Report update last July, which affirmed a significant rise in cyberattacks beginning 2020. From January to June of 2021, cryptojacking attacks went up by 23%, encrypted threats went up by 26%, IoT attacks increased by … Read more

UNM Health Data Breach Impacts Over 637,000 Individuals

UNM Health found out that an unauthorized third party acquired access to its system and possibly viewed and copied files from that included patients’ protected health information (PHI). The healthcare provider discovered the security incident on June 4, 2021 and … Read more

Phishing Attacks at Academic HealthPlans and Wayne County Hospital

Academic HealthPlans, Inc. (AHP) learned that an unauthorized person has obtained access to the email accounts of two workers after they responded to phishing emails. AHP was informed of a potential breach upon detecting suspicious activity in its Microsoft Office … Read more

Impact of Elekta Ransomware Attack on Advocate Aurora Health, Jefferson Health, and Intermountain Healthcare Confirmed

Three more healthcare providers reported that they were affected by the latest ransomware attack on Elekta Inc, the Swedish radiation therapy and radiosurgery provider. Elekta offers a web-based mobile software referred to as SmartClinic, which healthcare companies utilize to gain … Read more

Kaseya Security Update Resolves Vulnerabilities Exploited in KSA Ransomware Attack

Kaseya has reported a security update published for the Kaseya KSA remote management and tracking software program to resolve the zero-day vulnerabilities, which the REvil ransomware gang fairly recently exploited in attacks on its customers and their clients. The vulnerabilities … Read more

Exploit Available for ‘PrintNightmare’ Zero-Day Windows Print Spooler RCE Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has given a notification after a proof of concept (PoC) exploit had been published for a zero-day vulnerability identified in the Windows Print Spooler service. The vulnerability was called PrintNightmare and is monitored … Read more

Data Breaches at Arizona Asthma and Allergy Institute, Stillwater Medical Center and Nebraska Department of Health and Human Services

Arizona Asthma and Allergy Institute sent breach notification letters to 70,372 patients who obtained services between October 1, 2015 and June 15, 2020. As per the breach notice, a selection of their personal data and protected health information (PHI) such … Read more

Third-Party Phishing Attack Impacts Around 34,862 Lafourche Medical Group Patients

Urgent care center operator Lafourche Medical Group located in Louisiana has informed 34,862 patients regarding a security breach that likely impacted their protected health information (PHI). Lafourche Medical Group discovered on March 30, 2021 that a third-party accountant had clicked … Read more

420,433 People Affected by Health Plan of San Joaquin Email Security Breach

Health Plan of San Joaquin (HPSJ), which is a not-for-profit service provider of Medi-Cal managed care based in French Camp, CA, learned that an unauthorized individual has obtained access to its email system and likely viewed or obtained sensitive data. … Read more

President Biden Signs Expansive Executive Order to Enhance Federal Networks Cybersecurity

On May 13, 2021, President Biden signed a comprehensive Executive Order that seeks to appreciably strengthen cybersecurity protections for federal systems, enhance threat information sharing between the private sector, the government, and law enforcement, and present a cyber threat response … Read more

Hackers Stole the PHI of Over 200,000 Washington D.C. Health Plan Members

CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) is notifying its members with regards to a cyberattack that resulted in the theft of their protected health information (PHI). CHPDC, previously known as Trusted Health Plans, discovered a breach … Read more

Over 1.2 Million Health Net Members Impacted by Cyberattack on Accellion

A number of healthcare companies have lately affirmed they were impacted by the Accellion cyberattack last December 2020. The attack was connected to the Clop ransomware gang since its leak website had published parts of the stolen data from the … Read more

Data Breaches at California Department of State Hospitals and Eyemart Express

The Department of State Hospitals (DSH) in California has learned a worker obtained access to the protected health information (PHI) of 1,415 present/former patients and 617 personnel without consent. The employee had an Information Technology job and got access to … Read more

Phishing Attack on Saint Alphonsus Health System, Saint Agnes Medical Center and Southeastern Minnesota Center for Independent Living

Due to a phishing attack encountered by Saint Alphonsus Health System based in Boise, ID, the information of its patients was potentially compromised, including the data of patients of Saint Agnes Medical Center located in Fresno, CA. Saint Alphonsus detected … Read more

100% of Screened mHealth Applications Prone to API Attacks

The personally identifiable health information of a huge number of people is being compromised by means of the Application Programming Interfaces (APIs) employed by mobile health (mHealth) apps, reported by a current study shared by cybersecurity agency Approov. Ethical hacker … Read more

Ransomware Attacks on Ramsey County and Crisp Regional Health Services and Vulnerability in Vaccine Scheduling Application

The County Manager’s Office of Ramsey County, MN has begun informing 8,700 customers of its Family Health Division regarding the potential access of some of their personal data by unauthorized persons brought about by a ransomware attack on its vendor … Read more

Emisoft Reports No Less Than 560 Ransomware Attacks on U.S. Healthcare Facilities in 2020

Ransomware attacks in 2020 had a huge impact on companies and organizations in America. Ransomware gangs targeted the healthcare and education sectors, the federal, state, and municipal governments and departments. These sectors had no less than 2,354 attacks in 2020 … Read more

500k PCs Infected with Cryptocurrency Mining Malware in 12 Hours by Dofoil Trojan

A huge campaign distributing the Dofoil Trojan has been discovered by Microsoft. The campaign has already witnessed almost half a million PCs infected with the malware in less than 12 hours. The Dofoil Trojan is otherwise referred to as Smoke … Read more

Ransomware Attack Disables Campbell County Health Services

A ransomware attack at Campbell County Health has disrupted hospital services and left the organization unable to access patient information.  Campbell County Health, based in Gillette, Wyoming, stated that the ransomware attack began at 3:30 am on Friday, September 20, … Read more

Phishing Attack at East Central Indiana School Trust Affects 3,200 Individuals

East Central Indiana School Trust (ECIST) is notifying more than 3,200 individuals that a phishing attack may have compromised their protected health information (PHI). On May 22, 2019, the organization noticed suspicious activity on an employee email account. ECIST immediately … Read more

Over 70 Employee Email Accounts Compromised in Phishing Attack on NCH Healthcare System

NCH Healthcare System is preparing to notify patients that their protected health information may have been compromised in a phishing attack. On June 14, 2019, NCH Healthcare System, based in Bonita Springs, Florida, noticed suspicious email activity on its payroll … Read more

Western Connecticut Health Network Patient Information Exposed in Mailing Incident

Western Connecticut Health Network is sending breach notification letters to patients whose protected health information (PHI) may have been exposed in a postal incidence.  On June 11, 2019, Western Connecticut Health Network (WCHN), now known as Nuvance Health, sent a … Read more

Hackers Targeting US Utilities Sector with Spear Phishing Campaign

Hackers impersonating the US National Council of Examiners for Engineering and Surveying (NCEES) are targeting business in the US utility sector through a new phishing campaign.  Between July 19 and July 25 2019, the hackers sent phishing emails to three … Read more

Perry County Medical Center Notifying Patients Following Phishing Attack

Perry County Medical Center, Inc. d/b/a Three Rivers Community Health Group, has announced that it is notifying patients following a phishing attack which saw patient data compromised.  Perry Country Medical Center, a health care centre based in Linden, Tennessee, noticed … Read more

Presbyterian Healthcare Services Notifies 183,000 Patients Following Data Breach

Presbyterian Healthcare Services is notifying 183,000 patients that an unauthorised individual accessed their personal data.   The hackers gained access to the patient data after successfully fooling several employees into handing over their login credentials through a phishing campaign. The … Read more

Ransomware Attack at Imperial Health Affects 110,000 Patients

A ransomware attack at Imperial Health has compromised the protected health information of more than 116,000 patients.   On May 19, 2019, Imperial Health, a physicians’ network in Southwest Louisiana, discovered that an unauthorized party had installed ransomware onto the … Read more

Wise Health Phishing Attack Affects 36,000 Patients

Wise Health System is sending breach notification letters to 36,000 patients following a phishing attack on their system. Wise Health System is a health care system with over 1,900 employees based in Decatur, Texas. The breach occurred on March 14, … Read more

Dominion Health Data Breach Affects 3 Million Members

Dominion National is notifying patients of a data security incident that first stated in 2010 and has affected nearly 3 million members. Dominion National is a health insurer, health plan administrator, and administrator of dental and vision benefits based in … Read more

Microsoft June 2019 Patch Tuesday

Microsoft has issued patches for 88 vulnerabilities this patch Tuesday. Of the vulnerabilities, 20 were rated critical. One servicing stack and 4 advisories were also released in the update. Microsoft stated that there was no evidence to suggest that threat … Read more

Microsoft May 2019 Patch Tuesday

Microsoft has issued patches for 79 vulnerabilities this May 2019 Patch Tuesday. Of the vulnerabilities, 22 were rated critical. Adobe also issued patches for 84 vulnerabilities, 50 of which were critical. One critical flaw addressed by Microsoft left affected users … Read more

Southern Hills Eye Care Ransomware Attack Reported

Southern Hills Eye Care in Sioux City, Iowa, has announced that a recent ransomware attack on their facility may have compromised patient PHI. Ransomware is a variant of malware that prevents which hackers use to extort victims. The malware prevents … Read more

DePaul Reports Phishing Compromised Employee Email Account

The assisted living facility provider DePaul has announced that a successful phishing attack on its networks has compromised patient data. DePaul, which operates facilities in New York, North Carolina, and South Carolina, discovered the breach on February 1, 2019. IT … Read more

Data Breach at Rush University Medical Center Affects 45,000 Patients

Rush University Medical Center has announced that a data breach incident at a financial services vendor has compromised the PHI of 45,000 of their patients. The financial services vendor informed Rush of the incident on January 22, 2019. A member … Read more

Unauthorised Individual Gains Access to St. Francis Health System Patient Data

The Bon Secours St. Francis Health System has announced that unauthorised individual gained access to some of their patients’ protected health information (PHI). The hacker compromised the systems of Milestone Family Medicine, a medical facility based in Greenville, SC. Milestone … Read more

ICS-CERT Issues Medical Advisory for Vulnerabilities Found in BD FACSLyric Flow Cytometry Solution

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about vulnerabilities found in the BD FACSLyric flow cytometry solution. ICS-CERT is a governmental organisation that works to reduce the risk of cybercrime to US businesses. … Read more

Cyberattack Disrupts Printing of Major Newspapers

An investigation has been launched into a recent cyberattack that disrupted the printing of several major newspapers. The cyberattack on Tribune Publishing, attributed to a malware infection, caused disruption to several newspaper print runs including those of the Los Angeles … Read more

Cancer Centers of America Falls Victim to Phishing Attack

Cancer Centers of America’s Western Regional Medical Center in Bullhead City, Arizona, has recently fallen victim to a phishing attack which has exposed the protected health information (PHI) of over 41,000 individuals. The attack occurred due to one of its … Read more

Massive Marriott Data Breach Discovered: 500 Million Guests Affected

A massive Marriott data breach has been detected which could affect as many as 500 million individuals who previously made bookings at Starwood Hotels and Resorts. While the data breach is not the largest ever reported – The 2013 Yahoo … Read more

Beazley’s Publishes Breach Insights Report for Q3 2018

Beazley’s, a specialist insurance group, has released their quarterly Breach Insight Report for Q3 2018. The report concerned the attacks managed by Beazley Breach Response Services, which deals with the aftermath of an attack, including the investigation and the breach … Read more

Twin Phishing Attacks on Children’s Hospital of Philadelphia’s Results in Data Breach

Children’s Hospital of Philadelphia (CHOP) has announced that the email accounts of two employees have been compromised following cyberattacks on two August 23 and August 29, 2018. On August 24, CHOP, a paediatric healthcare facility and primary care provider, discovered … Read more

Reliable Respiratory Falls Victim to Phishing Attack

Reliable Respiratory, a respiratory care provider, has announced that it has fallen victim to a phishing attack. Reliable Respiratory, based in Norwood, MA, stated that IT staff discovered the breach when they detected suspicious activity on an employee’s email account … Read more

Medical Data from Closed Pennsylvania Obs/Gyn Clinic Found at Allentown Public Recycling Center

Private Medical Data has been found at a recycling center in Allentown, Pennsylvania. Paper files containing names, Social Security numbers, and medical histories, including details of cancer diagnoses and sexually transmitted diseases were located that the center by a city worker. … Read more

12,172 Individuals Impacted by ShopRite Data Breach

Pharmacy customers of ShopRite Supermarkets, Inc. have been impacted by a security violation caused by the improper disposal of a device used to record the signatures of customers. The device was used at the ShopRite, Kingston, NY location during the … Read more