In August 2021, the Vice Society ransomware operation published data on its data leak site that had allegedly been obtained in a ransomware attack on United Health Centers of San Joaquin Valley.  On August 31, 2021, Bleeping Computer was made aware of the data leak and made multiple attempts to notify United Health Centers. Databreaches.net… Read More »

Novant Health has recently notified patients about a breach of their protected health information due to the incorrect configuration of Meta Pixel code on its patient portal. Code Snippet Sending Sensitive Patient Data to Meta Earlier this year, an investigation conducted by The Markup into the use of Meta Pixel code on healthcare providers’ websites… Read More »

Senator Angus S. King Jr. (I-ME) and Congressman Mike Gallagher (R-WI), Co-Chairs of the Cyberspace Solarium Commission, have written to HHS Secretary, Xavier Becerra, to voice their concerns about the lack of sharing of actionable threat information with industry partners to help the health and public health sector (HPH) address current cybersecurity gaps. In the… Read More »

Multiple ransomware groups have adopted the BazarCall callback phishing technique to gain initial access to victims’ networks, including threat actors that have targeted the healthcare sector. BazarCall is a type of callback phishing, where organizations are targeted and sent ‘phishing’ emails that request a call to a telephone number to resolve an important issue. As… Read More »

The Michigan-based health plan provider, Priority Health, has confirmed that it has been affected by a data breach at a business associate, the law firm Warner Norcross & Judd (WNJ). WNJ identified suspicious network activity on October 22, 2021. Steps were immediately taken to prevent further unauthorized access and a digital forensics firm was engaged… Read More »

A malicious phishing campaign has been identified that is targeting healthcare providers. The emails have an Evernote-themed lure to trick recipients into downloading a Trojan file that generates a login prompt to steal credentials. The Health Information Cybersecurity Coordination Center (HC3) has recently issued an alert about the campaign which has targeted several healthcare providers… Read More »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint security alert about the Zeppelin ransomware-as-a-service (RaaS) operation, which has extensively targeted organizations in the healthcare and medical industries. Zeppelin ransomware, a variant of Vega malware, has been used in attacks on critical infrastructure organizations since… Read More »

Ransomware attacks are rife, hacking incidents are being reported at high levels, and there have been several very large healthcare data breaches reported so far in 2022; however, our analysis of healthcare data breaches reported in 1H 2022, shows that while data breaches are certainly being reported in high numbers, there has been a fall… Read More »

Zenith American Solutions, a third-party administrator for the Sound Health and Wellness Trust, has recently notified individuals about a mailing error that exposed individuals’ Social Security numbers. According to the breach notification, a mailing was sent to individuals on June 24, 2022, advising them to complete their Personal Health Assessments or Health Profiles to enroll… Read More »

The American Data Privacy and Protection Act (ADPPA) was introduced in June, was substantially revised within a matter of days, and last month a new draft of ADPPA law was introduced with further revisions. The revised ADPPA has attracted considerable bipartisan support and sailed out of the committee with a vote of 53-2, and there… Read More »