Health Data

Central Florida Inpatient Medicine notifies 197,733 patients after employee email account compromised last year

Central Florida Inpatient Medicine (CFIM) is notifying 197,733 patients whose protected health information (PHI) was in an employee’s email account that was accessed by an unauthorized individual between August 21, 2021 and September 17, 2021. CFIM does not indicate when they first discovered that there had been a breach or how they first discovered...

Updates to the MCG Health Breach Incident

For initial coverage, read this post. Updates: A threat actor, “Twister Canyon,” claims that MCG Health has made false claims about the incident. Their claims can be found in the Comments section under the original post.  MCG Health was asked to respond to their claims but have not replied as of this June 14...

OCR Presents: Recognized Security Practices Video Presentation

The HHS Office for Civil Rights (OCR) is producing a pre-recorded video presentation for HIPAA covered entities and business associates (regulated entities) on “recognized security practices,” as set forth in Public Law 116-321 (Section 13412 of the Health Information Technology for Economic and Clinical Health Act (HITECH). The statute requires OCR to take into...

Personal and sensitive files from Tehama County Social Services leaked on dark web. Have the victims been notified?

On their dark web blog, Quantum threat actors claim to have acquired 32 GB of files from Tehama County Social Services in California. Quantum describes the files as involving information of county clients and employees: Financial information, budgets, fiscal docs, contracts, HR data, resumes, payrolls, clients personal data, scans ID, scans SSN, personal info,...