Data breaches or leaks involving health or medical data.
Newsday reports: A Lake Success-based home health care company reached a $350,000 settlement with the state after failing to protect the health care data of more than 316,800 New Yorkers, the state attorney general said Wednesday. Personal Touch Holding Corp., which provides home health care and hospice services through subsidiary companies, had an “informal and […]
Colorado Attorney General Phil Weiser announced a settlement with Broomfield Skilled Nursing and Rehabilitation Center, LLC. The settlement arose from a 2021 data breach affecting patient and employee data. The state claimed that Broomfield violated a number of state laws that are specifically identified in the assurance of discontinuance (settlement). The following is the press […]
Bloomberg Law reports that MultiCare Health System will get another chance to avoid liability for attempts to recoup wage overpayments in litigation following a hack of its vendor timekeeping system Kronos in 2021. With the timekeeping system not functioning due to a ransomware attack, many firms wound up using old wage statements or other methods […]
Human error in configuring data storage continues to result in massive leaks or potential leaks of personal and sensitive health data. In today’s news, we learned that CrelioHealth left an Elasticsearch cluster exposed. Luckily for them, it was a whitehat researcher, Bob Diachenko of SecurityDiscovery, who spotted the problem and contacted them to alert them. […]
Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that provides health care benefits and coverage through state, federal, and commercial programs. OCR enforces the HIPAA […]
The U.S. government is struggling to convince hospitals that they need to spend time and money fighting hackers and provide useful advice to them, a problem that could have lethal consequences as the country’s ransomware crisis rages on. “I don’t think we’ve figured out how to talk to the small and medium-sized organizations in a […]
In September 2021, Jackson County Schneck Memorial Hospital (Schneck Medical Center) in Indiana disclosed that they had been a victim of a cyberattack. Their first statement is no longer available on their website but was archived by a news site. That statement did not disclose that personal and protected health information had been accessed and […]
The Federal Trade Commission finalized an order with 1Health.io that settles charges that the genetic testing firm left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying consumers and obtaining their consent. In a complaint first announced in June 2023, the […]
Prospect Medical Holdings has now confirmed what already seemed clear to researchers and those who check leak sites. The threat actors did get files with personal information. Prospect Medical Holdings is confirming new details about a massive data theft from three Connecticut hospitals and others around the country in a nearly month-old cyber attack by a shadowy […]
2023 Ponemon Healthcare Cybersecurity Report
In its second annual Study on Cyber Insecurity in Healthcare, Proofpoint sponsored a Ponemon survey of 653 IT and IT security practitioners to find out how much progress the industry has made in the past year. Here are just a few highlights from this year’s report: You can access the full report on Proofpoint’s website.