Health Data

Romanian entities issued monetary penalties for infosecurity and data protection failures

Regulators in Romania have issued monetary penalties to six Romanian entities for insufficient technical and organizational measures to ensure information security. Two other entities were issued fines for other GDPR violations. The fines for insufficient technical and organizational measures ranged from 1,000 to 10,000 euros. Two of the entities were in the medical center....

New threat group hacked EU healthcare agency and embassies, researchers say

Jonathan Greig reports: A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research. Cisco’s Talos cybersecurity team calls the new group “YoroTrooper” and said it has already successfully compromised accounts connected to a “critical” European Union healthcare agency and the World...

AllCare Plus Pharmacy notifies 5,971 patients of phishing incident last year

AllCare Plus Pharmacy, Inc. is an IQVIA business in Massachusetts. This week, they notified the Maine Attorney General’s Office of a phishing incident that affected 5,971 patients. According to their notification, on June 21, 2022, AllCare discovered that some employees had received phishing emails. Their investigation revealed that some of the employees’ accounts had...

NorthStar Emergency Medical Services notifies 82,450 patients of September hacking incident

NorthStar Emergency Medical Services in Alabama is notifying 82,450 patients of an incident last year that involved protected health information. According to a notification letter and press release by NorthStar, on September 16, 2022, NorthStar detected abnormal activity in their network. Investigation subsequently revealed that an unauthorized actor had accessed files containing protected health...

Jelly Bean Communications Design and its Manager Settle False Claims Act Liability for Cybersecurity Failures on Florida Medicaid Enrollment Website

There’s an update to the Florida Healthy Kids breach that was due to their vendor, Jelly Bean Communications, not patching vulnerabilities for seven years. The incident was reported to HHS in January 2021 as impacting 3.5 million patients. Today, the U.S. Department of Justice announced: Jelly Bean Communications Design LLC (Jelly Bean) and Jeremy...

No need to hack when it’s leaking, DC Health Link edition

On March 12, DataBreaches reported on the Health Benefit Exchange Authority data that was first leaked by a forum user  known as “IntelBroker” and then by “Denfur.” The DC Health Link incident attracted a lot of media attention because it involved members of Congress, their staff, and their families. As StateScoop reported today,  DC...