Memorial Health System Confirms 216K Patients Affected by August 2021 Ransomware Attack

Ohio-based Memorial Health System has recently confirmed the ransomware attack it experienced in August 2021 potentially involved the protected health information of 216,478 patients. The ransomware attack forced the health system to divert certain patients to other facilities and cancel some appointments to ensure patient safety. The attack was announced shortly after the breach, which… Read More »

CISA Urges All U.S. Orgs to Take Immediate Action to Protect Against Wiper Malware Attacks

The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to all organizations in the United States to take immediate steps to prepare for attempted cyberattacks involving a new wiper malware that has been used in targeted attacks on government agencies, non-profits, and information technology organizations in Ukraine. The malware – dubbed Whispergate… Read More »

Mass General Brigham Settles ‘Cookies Without Consent’ Lawsuit for $18.4 Million

An $18.4 million settlement has been approved that resolves a class action lawsuit against Mass General Brigham over the use of cookies, pixels, website analytics tools, and associated technologies on several websites without first obtaining the consent of website visitors. The defendants in the case operate informational websites that provide information about the healthcare services… Read More »

Healthcare Providers and Health Plans Report Phishing-Related PHI Breaches

Email accounts containing the protected health information (PHI) of thousands of patients have been compromised at Loyola University Medical Center, Advent Health Partners, Signature Healthcare Brockton Hospital, and Welfare, Pension and Annuity Funds of Local No. ONE, I.A.T.S.E. Welfare, Pension, and Annuity Funds of Local No. ONE, I.A.T.S.E Welfare, Pension, and Annuity Funds of Local… Read More »

Entira Family Clinics and Caring Communities Send Notification Letters About Netgain’s 2020 Ransomware Attack

A Minnesota network of family medicine practices started notifying almost 200,000 patients that some of their personal and protected health information was potentially compromised in a cyberattack on a business associate more than a year ago. Entira Family Clinics explained in the notification letters, which were sent to affected individuals on January 13, 2022, that… Read More »

HHS Releases Final Trusted Exchange Framework and Common Agreement

The Department of Health and Human Services’ Office of the National Coordinator for Health IT has released the final version of its Trusted Exchange Framework and the Common Agreement (TEFCA) – a governance framework for nationwide health information exchange. Two previous versions of TEFCA have been released, the first in 2018 and the second in… Read More »

December 2021 Healthcare Data Breach Report

56 data breaches of 500 or more healthcare records were reported to the HHS’ Office for Civil Rights (OCR) in December 2021, which is a 17.64% decrease from the previous month. In 2021, an average of 59 data breaches were reported each month and 712 healthcare data breaches were reported between January 1 and December… Read More »

Online Pharmacy Notifies 105,000 Patients About Cyberattack and Potential Theft of PHI

The Auburndale, FL-based digital pharmacy and health app developer Ravkoo has started notifying certain patients that some of their sensitive personal information has been exposed and potentially obtained by an unauthorized individual. Ravkoo hosts its online prescription portal on Amazon Web Services (AWS). The portal was targeted in a cyberattack that was detected on September… Read More »