The HHS Office for Civil Rights (OCR) will be producing a pre-recorded webinar for HIPAA covered entities and business associates (collectively, “regulated entities”) discussing how the Security Rule can help regulated entities defend against cyber-attacks. The webinar will discuss real world cyber-attack trends from OCR breach reports and investigations and explore how implementation of...
The Jerusalem Post reports: The Kfar Shaul Mental Health Center in Israel’s capital of Jerusalem was hit with a suspected cyberattack, the Health Ministry said Tuesday. The ministry’s cyber security department, as well as Israel’s Cyber Authority, are looking into the incident. The Times of Israel also reports a cyberattack, but says the suspected...
One of the newer ransomware groups to open a leak site is “ThreeAM.” Bleeping Computer recently reported that the ThreeAM malware is written in Rust, and on at least one occasion, researchers discovered that when LockBit failed, ThreeAM (aka 3AM) was successfully deployed. Symantec has more details on the malware and the group’s methods....
Add yet one more business associate to those affected by the Clop attack on Progress Software MOVEiT. Nuance has disclosed that it was affected by the May attacks. Although no number was revealed, the Microsoft-owned technology firm stated it was disclosing on behalf of: Atrium Health, the Charlotte-based health care system giant. Catawba Valley...
Gretchen Hjelmstad reports: The imaging vendor Sanford Health uses for its mobile heart screen trucks, DMS Health Technologies, experienced a data security incident between March 27 and April 24, 2023. According to Sanford Health, patient information was potentially compromised including name, date of birth, date of service, physician name and exam type. Sanford Health...
On September 7, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), in coordination with the United Kingdom, sanctioned 11 individuals who are alleged to be part of the Russia-based Trickbot cybercrime group. At the same time, the U.S. Department of Justice (DOJ) unsealed indictments against nine individuals in connection with...
In March, Texas Medical Liability Trust on behalf of itself and its affiliates, Texas Medical Insurance Company, Physicians Insurance Company, and Lone Star Alliance, Inc., a Risk Retention Group (collectively “TMLT”) filed a breach notification with the Maine Attorney General’s Office. That submission indicated that 625 individuals had been affected by a breach that...
On August 29, DataBreaches reported that Hospital Sisters Health System (HSHS) and Prevea Health appeared to have been the victims of a ransomware attack. As of today, the notice on Prevea Health states, “HSHS and Prevea are experiencing a systemwide outage of clinical and administrative applications.” Prevea continues to describe it as a temporary...
Updated September 13: This incident was reported to HHS as affecting 1,654 patients. On September 11, Psych Associates of Maryland LLC d/b/a Bloom Health Centers (“Bloom Health”), a mental health service provider, announced a data security incident that involved the personal and protected health information of some clinicians and patients. Before digging into the...
Mount Desert Island Hospital updates its breach disclosure again but still doesn’t reveal what data were leaked