The protected health information (PHI) of 116,898 patients of Waterville, MA-based HealthReach Community Health Centers has been exposed and potentially compromised. HealthReach Community Health Centers, which operates 11 community health centers in Central and Western Maine, discovered a worker at a third-party data storage facility had improperly disposed of hard drives that contained the data… Read More »

Two DuPage Medical Group patients are taking legal action against the healthcare provider following a July 2021 ransomware attack in which patients’ protected health information was exposed. DuPage Medical Group suffered the ransomware attack in mid-July. The forensic investigation determined unauthorized individuals had gained access to its computer network between July 12 and July 13,… Read More »

Jackson Health has launched an investigation into a nurse social media violation after photographs of a baby with a birth defect were posted on Facebook. A nurse who worked in the neonatal intensive care unit at Jackson Memorial Hospital posted two photographs on Facebook of a baby with gastroschisis – a rare birth defect of… Read More »

The health and public health sector is facing an elevated risk of ransomware attacks by affiliates of the BlackMatter ransomware-as-a-service (RaaS) operation, according to the Health Sector Cybersecurity Coordination Center (HC3) of the Department of Health and Human Services. The BlackMatter threat group emerged in July 2021 shortly after the DarkSide ransomware gang shut down its… Read More »

The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed its 20th financial penalty under the HIPAA Right of Access enforcement initiative that was launched in late 2019. Children’s Hospital & Medical Center (CHMC), a pediatric care provider in Omaha, Nebraska, has been ordered to pay a penalty of $80,000 to… Read More »

The Wedge Recovery Centers, a mental health service provider based in Philadelphia, Pennsylvania, discovered suspicious activity within the computer network on June 25, 2021 which indicated unauthorized individuals had breached the security defenses. Steps were immediately taken to block further access and an investigation was launched to determine the nature and scope of the breach.… Read More »

Denton County in Texas has discovered a vulnerability in a third-party provider application used in connection with individuals’ personal health information has potentially been exploited by unauthorized individuals. The application was used at COVID-19 vaccination clinics in the County, and contained information such as names, dates of birth, email addresses, phone numbers, and COVID-19 vaccination… Read More »

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has recently released the final version of the NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders. Public safety and first responder (PSFR) personnel require on-demand access to public safety data in order… Read More »

LifeLong Medical Care, a Californian healthcare provider serving patients in Alameda, Contra Costa, and Marin Counties, has notified certain patients whose protected health information was impacted in a ransomware attack on the third-party vendor Netgain Technologies. Netgain Technologies discovered a security breach on November 24, 2020 involving ransomware. An internal investigation into the breach determined… Read More »