Jun 192019

Sarah Jane Bell and Ross Kay report that an undisclosed numbers of Specsavers customers have had their personal and medical information stolen:

“Contents may include your name, date of birth, address, phone number, email address, clinical records of your optometry tests, and Medicare details,” the email read.

How the information was compromised is still being investigated, but it appears a physical computer server was stolen.

Read more on ABC.

Jun 192019

Dana Kozlov reports on tremendous amount of paper medical records left behind behind the now-shuttered former Medical Professional Home Healthcare Center in Chatham.

Read more on CBS and their follow-up here. 

So okay, folks, you really need to at least look at the pictures in those stories. It’s *disgusting* what has happened to patients’ records.

As you read the coverage, you’ll learn that the owner of the center, Carmen Dooley, had lost their state health department license in 2017 for failure to file the renewal papers. As a result, facility was also decertified by Medicare in 2017, and seems to have been shuttered then. But papers were left on-site it seems.  Until something happened now.

This is one of those cases where both the state and HHS/OCR should investigate and take enforcement action.

Jun 192019

Catalin Cimpanu reports:

Eatstreet, an online and mobile food ordering service, disclosed today a security breach that took place last month and during which a hacker stole the company’s database, complete with customer and partner details.

ZDNet has learned that responsible for this breach is Gnosticplayers, a hacker who previously breached many other online services, including big names such as Canva, 500px, UnderArmor, ShareThis, GfyCat, Ge.tt, Evite, and others.

Read more on ZDNet.


Jun 182019

And yet another ransomware incident. They do not disclose the number of patients who were notified about this. Of note, sounds like their recovery was pretty smooth because they were prepared.

BOSTON, June 18, 2019 /PRNewswire/ — Tenx Systems, LLC d/b/a ResiDex Software (“ResiDex”) specializes in providing software for assisted living homes, group homes, and organizations providing care for the elderly or disabled, including Youville House, Youville Place and Wingate Healthcare (collectively “the Facilities”).  ResiDex recently identified and addressed a security incident that may have involved personal information and/or protected health information of the current, former or prospective residents and/or staff members of the Facilities.  ResiDex began providing notice on June 7, 2019 to all individuals potentially impacted by this incident.  This release describes the incident, outlines measures that ResiDex has taken in response, and advises potentially impacted individuals on steps that they may take to further protect their information.

On April 9, 2019, ResiDex became aware of a data security incident, including ransomware, which impacted our server infrastructure and took our systems offline.  ResiDex immediately undertook efforts to restore its servers to a new hosting provider.  Backups and other information maintained by ResiDex were used to enable near seamless restoration of security and services on the same day.  Additionally, ResiDex took affirmative steps to further safeguard its software systems.  ResiDex simultaneously retained a forensic investigation firm to determine the nature of the security compromise and identify any individuals whose personal information and/or protected health information may have been compromised.

The forensic investigation was unable to identify any specific individuals whose personal information and/or protected health information may have been compromised due to the complexity of the event and efforts undertaken by the perpetrators to conceal their actions.  The investigation did determine that first access to ResiDex’s systems occurred on approximately April 2, 2019, with the ransomware launched on April 9, 2019.

The data security incident may have resulted in unauthorized access to protected health information, including medical records that existed on ResiDex’s software as of April 9, 2019, and/or personal information including names and social security numbers.  Please note that it is entirely possible that any one individual who is/was a current, former or prospective resident or staff member of the Facilities did not have their personal information and/or protected health information compromised as a result of the incident.  Nonetheless, notification has been provided to all potentially impacted individuals in an abundance of caution.

Individuals who have received a notification or who believe that they may have potentially been impacted by this incident are invited to contact (877) 347-0184 between 9:00 a.m. and 9:00 p.m. Eastern Standard Time, Monday through Friday.  ResiDex and the Facilities understand the importance of protecting the protected health information and personal information maintained on its systems and deeply regrets any concern that this may have caused the potentially impacted individuals.

SOURCE Tenx Systems, LLC d/b/a ResiDex Software