Health Data

Five Former Methodist Hospital Employees Charged with HIPAA Violations

Criminal prosecutions under HIPAA are still relatively rare. Here’s one reported by the U.S. Attorney’s Office in the Western District of Tennessee on November 10: Memphis, TN – A federal grand jury has indicted five former Methodist Hospital employees for conspiring with Roderick Harvey, 40, to unlawfully disclose patient information in violation of the Health...

Surprise: Daniel Kaye, operator of The Real Deal, pleads guilty to one count, is sentenced to time served, and is released.

It seems like only weeks ago that the U.S. Attorney’s Office for the Northern District of Georgia was trumpeting the arraignment of Daniel Kaye, who had been indicted last year. Oh wait, it was only weeks ago. Kaye, also known as “Popopret,” “Bestbuy,” “TheRealDeal,” “Logger,” “David Cohen,” “Marc Chapon,” “UserL0ser,” “Spdrman,” “Dlinch Kravitz,” “Fora...

New York-Presbyterian Hospital discloses breach affecting 12,000 patients

New York-Presbyterian Hospital posted a notice on their website on November 11. The incident has not yet shown up on HHS’s public breach tool, but undoubtedly will.  Here is the description of the incident, as provided by the hospital: On September 8, 2022, NewYork-Presbyterian Hospital’s data security monitors received an alert of suspicious activity...

CO: Salud Family Health breached in September, leaked in November

On October 5, Salud Family Health in Colorado notified HHS of a breach, but only provided a “marker” of 501 affected.  On November 4, they provided notice that said the types of information that might have been accessed or taken included in a cyberattack included: patients’ name, Social Security number, driver’s license number or...

Avamere Health Services updates its breach disclosure

Back in July, DataBreaches reported on an Avamere Health Services breach. Avamere has now updated their breach notification. Their newer notice is being provided on behalf of the following entities to whom Avamere is a Business Associate as defined under the Health Insurance Portability and Accountability Act (“HIPAA”): A-One Home Health Services, LLC Avamere...

20 million Americans in 21 states ‘are still at risk of dangerous healthcare after cyberattack’: IT breach at one of biggest hospital chains in the US has already caused overdoses, cancer delays and ambulance diversions

Caitlin Tilley reports: Twenty million Americans are at risk of ‘dangerous’ healthcare after a cyberattack at one of the country’s biggest hospital chains last month, security experts have told DailyMail.com. CommonSpirit Health — a system that runs 140 hospitals, and more than 1,000 care sites including cancer clinics, surgery hubs and stroke centers— suffered a major IT...

Yale Medicine discloses breach of doctor’s prior patient records system

From an incident report appearing on Yale Medicine’s website: Yale Medicine has discovered a cybersecurity incident, involving the records of patients seen by Dr. Tito Vasquez at his former practice, Connecticut Plastic Surgery Group LLC, between 2009 and May 2021. This notice concerns a data security event that may have resulted in unauthorized access...

HC3: Analyst Note: Venus Ransomware Targets Publicly Exposed Remote Desktop Services

November 9, 2022  TLP: Clear  Report: 202211091400 Executive Summary HC3 is aware of at least one healthcare entity in the United States falling victim to Venus ransomware recently. The threat actors behind Venus ransomware operations are known to target publicly exposed Remote Desktop Services to encrypt Windows devices. This report provides additional information, indicators...