Health Data

California Attorney General Reminds Health App Providers of Obligations to Protect Reproductive Health Information

Hunton Andrews Kurth writes: On May 26, 2022, California Attorney General Rob Bonta issued a press release reminding health app providers that California’s Confidentiality of Medical Information Act (“CMIA”) applies to mobile apps that are designed to store medical information, which includes health apps such as fertility trackers. The press release reminds health app providers that...

Shields Health Care Group notifies 2,000,000 patients after hack

Shields Health Care Group, Inc. (“Shields”) provides management and imaging services for dozens of covered entities in New England. On March 28, 2022, Shields was alerted to suspicious activity that may have involved data compromise.  Their investigation discovered that an unknown threat actor had access to certain systems between March 7 and March 21...

Novartis says no sensitive data was compromised in cyberattack

Lawrence Abrams reports: Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. Industrial Spy is a hacking group that runs an extortion marketplace where they sell data stolen from compromised organizations. Yesterday, the hacking group began selling data allegedly stolen from Novartis on their...

Health P.E.I. alerts public of privacy breach after laptop stolen

Shane Ross reports: More than 4,000 patients and 1,200 Health P.E.I. employees are being notified of a privacy breach after an employee’s laptop was stolen in April. In a news release issued Wednesday, Health P.E.I. said the stolen laptop was password protected and information technology staff took steps to secure the information as soon...

Costa Rica’s public health agency hit by Hive ransomware

Sergiu Gatlan reports: All computer systems on the network of Costa Rica’s public health service (known as Costa Rican Social Security Fund or CCCS) are now offline following a Hive ransomware attack that hit them this morning. Hive, a Ransomware-as-a-Service (RaaS) operation active since at least June 2021, has been behind attacks on over 30 organizations, counting only the...

AU: NDIS case management system provider breached

Justin Hendry reports: A security breach of a cloud-based client management system used by National Disability Insurance Scheme (NDIS) service providers has exposed a “large volume” of health and other sensitive data. CTARS, a Sydney-based software and analytics provider for the disability and care sectors, this week revealed an unauthorised third-party had gained access...