May 092019

I’m not finding anything on their web site just yet, but Spectrum Health Lakeland has reportedly been notifying patients about a breach involving their billing provider, OS Inc. 

WSJM reports that the health system learned of the breach on March 8 after an OS employee’s email account containing patient information was accessed without authorization. The information in the account included patient names and addresses, the type of health services provided, dates, diagnosis information, and health insurance providers.

Spectrum Health Lakeland has reportedly just notified another 1,000 patients about the breach, but we do not yet know the total number of patients affected, it seems. The hospital has arranged for free credit monitoring for those affected.

OS, Inc. has posted a data security notice on their site, reproduced below. The notice gives the timeframe of events:

On or about December 21, 2018, we learned of suspicious activity occurring within an OS employee’s email account. We immediately changed the user’s credentials and launched an investigation. We also began working with forensic experts to determine the nature and scope of the suspicious activity.On February 20, 2019,the investigation confirmed that an unauthorized actor gained access to the employee’s email account from October 15, 2018 through December 21, 2018, utilizing account credentials harvested through a phishing email campaign.

The notification indicates that beginning May 2, OS was providing notifications to patients of the following clients: Tahoe Forest Health District, Sparta Community Hospital, Sauk Prairie Healthcare, Inc., and the Idaho Department of Health and Welfare. It’s not clear how many other clients, like Spectrum Health Lakeland, may be doing the notifications themselves.

This post may be updated as more information becomes available.

OS Website Notice - 5.7.19
May 032019

Michigan’s Attorney General is aware of the Inmediata breach and its incident response cock-up that has been reported on this site.  People have been complaining here and some have called the state to complain.

Remember that in addition to complaining to your state consumer protection bureau or state insurance department, you can also file a complaint online with the U.S. Department of Health and Human Services.

As seen on AG Nessel’s web site yesterday:

LANSING – Michigan Attorney General Dana Nessel and Department of Insurance and Financial Services (DIFS) Director Anita G. Fox today alerted Michigan consumers to a data breach affecting Inmediata Health Group, which provides billing and other administrative services to health care providers and health plans around the country. Nessel encouraged residents to take extra precautions to help protect information that may have been compromised.

The breach exposed personal and medical information, which varies between individuals, but can include patient names, addresses, dates of birth, social security numbers, gender, and medical claim information like dates of service, diagnosis codes, procedure codes and treating physician.

The Attorney General’s Office became aware of the breach when two consumers called its Consumer Protection Division after receiving multiple letters from the company dated April 22, 2019, including some misaddressed to other persons.  It is unclear how many Michigan residents were impacted at this time, and Nessel’s Corporate Oversight Division is seeking additional information about the breach through a letter to Inmediata to determine its impact in Michigan.

“We have an opportunity to improve Michigan law by adding the Attorney General’s Office as a required state department to be notified by companies impacted by data breaches,” said Nessel

“Data breaches can be devastating to the affected individuals,” she added. “It’s important this office provide affected customers with any and all available resources to help limit the effects of this – or any – breach. And today, we’re doing just that.”

“Individuals who have been notified that their personal information may have been exposed in the Inmediata data breach are encouraged to closely monitor their financial accounts,” said Fox.  “If suspicious activity is detected it should be immediately reported to the individual’s financial institution.”

Data breaches are becoming increasingly common in today’s highly tech-savvy society. This is the second breach since the Attorney General took office that she learned of from sources other than the company itself. The last breach was Wolverine Solutions Group.

Affected individuals of any data breach and all Michiganders can take these steps to further protect their information:

  • Find out what information was compromised and act accordingly.
  • Pull your free credit report at or by calling 877-322-8228.
  • Put a fraud alert on your credit file. The Federal Trade Commission provides a checklist for this.
  • Consider a security freeze on your credit file.
  • Take advantage of any free services being offered as a result of the breach.
  • Use two-factor authentication on your online accounts whenever it’s available.

For more information on what to do during a data breach, review the Michigan Attorney General’s consumer alert on data breaches. A toll-free information hotline is being provided by the company to answer consumer questions at 833-389-2392.


May 012019

Joseph Cox reports:

Hackers have broken into an internet infrastructure firm that provides services to dozens of the world’s largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more as part of an extortion attempt, Motherboard has learned. The attackers have also released data from all of those companies, according to a website seemingly set up by the hackers to distribute the stolen material.

Citycomp, the impacted Germany-based firm, provides servers, storage, and other computer equipment to large companies, according to the company’s website. Michael Bartsch, executive director of Deutor Cyber Security Solutions, a firm Citycomp said was authorized to speak about the case, confirmed the breach to Motherboard in an email Tuesday.

Read more on Motherboard.

CityComp’s statement on the incident can be found here.  It’s a strong statement worth reading.

An onion site with the data dump remains available as of the time of this posting.  Some of the data dumped by the hackers, who appear to be linked to a ransomware team that uses the same protonmail email address, appears to be routine business files such as spreadsheets with client employees’ names, functions, phone numbers, mobile numbers, and email addresses. Other files contain other types of information. is still reviewing the files, but Charlie Osborne of ZDNet reported earlier that:

customer email addresses and telephone numbers, meetings reports, asset lists — such as servers and other equipment connected to a customer account — as well as some payroll records, project sheets, and accountancy statements were all available.

While has not confirmed the authenticity of any of the data, CityComp’s statement does not suggest that there is any question about the authenticity of the data, and they notified all their clients.

There will undoubtedly be a number of updates to this story.  I’d love to know why the hackers just dumped so much data instead of trying to sell it off, so I’ve emailed them to ask them, and if I get an explanation, I’ll update this.

Apr 302019

Reading the comments under the Inmediata press release is like watching a train wreck happen right in front of you.

Many people are reporting that they have received multiple notification letters from Inmediata — many with the names of people who are unknown to them and who do not live at their address. One person wrote:

I got 5 letters, one with my husband’s name, one with my son’s, and 3 more for people who have nothing to do with us or our address. I called today, they took down the names of the three people whose letters were sent to us and couldn’t comment further- other than they are getting a lot of these calls. I also asked for them to tell me where the breach occurred and they told me to expect a call back on that in 3 days. We shall see.

The comments suggest a major mail disaster that is exposing patients’ names to other patients.

And that can’t be good.

The post is here.

Apr 262019

From their press release:

Inmediata Health Group, Corp. (“Inmediata”) recently became aware of a data security incident that may have involved the limited personal and medical information of some of its customers’ patients. Inmediata is directly mailing notification letters to individuals who may have been affected by this incident and to provide resources to assist them.

In January 2019, Inmediata became aware that some electronic health information was viewable online due to a webpage setting that permitted search engines to index internal webpages that Inmediata uses for business operations. Immediately after Inmediata became aware of the incident, the company deactivated the website and engaged an independent computer forensics firm to assist with an investigation. Based on the current findings of the ongoing investigation, Inmediata has no evidence that any files were copied or saved. In addition, Inmediata has yet to discover any evidence to suggest that any information potentially involved in this incident has been subject to actual or attempted misuse.

The information potentially involved in this incident may include patients’ names, addresses, dates of birth, gender, and medical claim information. A very small group of the potentially impacted people may have Social Security numbers involved as well. The letters mailed to the affected individuals specifically state what data of theirs may have been impacted.

Although Inmediata is unaware of the misuse of any involved information, out of an abundance of caution, Inmediata began mailing notification letters to the potentially affected individuals directly on April 22, 2019. The notification letters also include information about the incident and steps potentially affected individuals can take to monitor and protect their personal information. Inmediata has a toll-free call center established to answer questions about the incident and related concerns. The call center is available Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time and can be reached at (833) 389-2392. Further information for all patients can be found at the Inmediata website at

About Inmediata
Founded in 2002 as a health care value-added intermediary providing clearinghouse services, today Inmediata provides a full suite of software and business process outsourcing solutions for health plans, hospitals, IPAs, and independent physicians. Inmediata leverages its claim adjudication, clearinghouse, practice management, electronic health record and health information exchange services to support administrative simplification and population health. For more details, visit

SOURCE Inmediata

Update: The comments below this post suggest a major screw-up in Inmediata’s incident response as far as the mailed notifications go. I do not know know if they used a third-party vendor to handle the mailing, but what I’m reading in comments is very disturbing, to say the least!