@brett mentioned that #Clop added Homewood Health in Canada to their leak site. It's probably due to the Fortra/GoAnywhere incident. But Clop also added a bunch of U.S. healthcare entities to their site, and I suspect they are also all part of the #GoAnywhere incident:

Alivia Health
Medminder
US Wellness
Allied Benefit
MedExhco
WellBe
Ace Nursing

There has been no data leaked for any of the above yet, and no confirmation that I am aware of from any of these victims that it was GoAnywhere, but time will tell...

#databreach #dataprotection #healthsec #infosec #cybersecurity #HIPAA

@BleepingComputer @lawrenceabrams

No need to hack when it’s leaking, DC Health Link edition.

BreachForums user "Denfur" tells me the DC Health Link data wasn't hacked and was found by Google dorking.

https://www.databreaches.net/no-need-to-hack-when-its-leaking-dc-health-link-edition/

#databreach #dataprotection #HealthSec #infosec #cybersecurity #dataleak #Congress #FBI

@lawrenceabrams @aj_vicens @zackwhittaker @briankrebs @allan

Lawsuit filed against Lehigh Valley Health Network after ransomware gang leaks sensitive patient data online:

https://www.databreaches.net/lawsuit-filed-against-lehigh-valley-health-network-after-ransomware-gang-leaks-sensitive-patient-data-online/

Direct link to lawsuit complaint: https://www.smbb.com/wp-content/uploads/2023/03/Complaint-Filed-03-13-2023.pdf

#databreach #privacy #confidentiality #harm #healthsec #infosec #cybersecurity #ransomware #extortion #LVHN #BlackCat #PHI #HIPAA #negligence

@brett @allan @lawrenceabrams @kevincollier @daniellecitron

@lawrenceabrams @BleepingComputer

#GMTA. I had just sent inquiries to Aliva Health and Medminder this afternoon asking them if they would confirm or deny that they were victims of the Fortra/GoAnywhere attack. So far, there's nothing on their sites or on HHS's public breach tool, but I suspect it's only a matter of time until we see them added there.

#HIPAA #HITECH #databreach #HealthSec #BusinessAssociate #vendor #Clop #ransomware #dataprotection

ZOLL Medical is notifying 1,004,443 patients whose protected health information (PHI) may have been compromised in a recent data security incident that didn’t involve pixels or trackers.

That said, some details about this one are not yet clear, and I am trying to get clarification from ZOLL.

Read what we know so far at https://www.databreaches.net/zoll-medical-notifying-1004443-patients-of-data-breach-hipaa/

#databreach #HealthSec #cybersecurity #PHI #HIPAA #dataprotection #infosec

@brett @allan @jgreig @BleepingComputer @vxunderground

And to prove to myself once again that I should probably NOT read the news on the weekend:

#LockBit hit another hospital. This one is The Grupo Hospitalar Vida in Brazil. It appears to have a maternity hospital associated with it. Their site is timing out.

I have left LockBitSupp a less-than-professional message on Tox.

#ransomware #databreach #healthsec #infosec #cybersecurity

Two more medical sector attacks were disclosed yesterday (at least two -- I may find more, of course).

The second is Florida Medical Center in Florida which disclosed a ransomware attack, but then made some statements that raised questions for me. You can read about their statements and my questions at:

https://www.databreaches.net/another-ransomware-attack-results-in-a-hipaa-breach-florida-medical-center/

#databreach #HIPAA #ransomware #incidentresponse #dataprotection #HealthSec #infosec #cybersecurity

@brett @douglevin @allan @BleepingComputer

Two more medical sector attacks were disclosed yesterday (at least two -- I may find more, of course).

The first is Bone & Joint Clinic in Wisconsin, which reported that a "network disruption" caused a HIPAA breach of employee and patient information.

https://www.databreaches.net/bone-joint-clinic-reports-network-disruption-caused-hipaa-breach-of-employee-and-patient-information/

#databreach #HIPAA #NetworkDisruption #obfuscation #transparency #incidentresponse #dataprotection #HealthSec #infosec #cybersecurity

@brett @douglevin @aj_vicens @BleepingComputer

Capitol Hill data breach more ‘extensive’ than previously known:

https://www.cnn.com/2023/03/09/politics/capitol-data-breach-senate-house/index.html

Note that a second listing appeared yesterday on the same forum offering what is allegedly the same data for tokens and not private sale this time. A free sample with 200 listings was also provided.

One member of Congress interviewed by CNN echoed what DataBreaches has heard from some people we spoke to: after the OPM breach, this just doesn't seem very worrying to some people.

#databreach #congress #DCHealthLinks #cybersecurity #infosec #HIPAA #HealthSec

Report: Oklahoma among highest states for medical ID theft: https://journalrecord.com/2023/03/02/report-oklahoma-among-highest-states-for-medical-id-theft/

#medicalIDtheft #databreach #dataprotection #HealthSec #cybercrime #infosec #cybersecurity

A third-party breach that impacted Northwest Mothers Milk Bank in Oregon has also affected Rogers Hixon Ontario Human Milk Bank in Canada. The breach was in December at Timeless Medical Systems.

Timeless informed milk bank clients that "some files were acquired from the TMS network by an unknown third party, after which TMS took steps to mitigate the potential impact of the incident, recovered the files, and informed affected parties."

The data involved included a lot of data protected under HIPAA in the U.S. and PHIPA in Canada:

"milk donor applicant and infant names, date of birth, address, phone number, milk donor application contents (including self-reported information, medical health validation, blood screening results and/or required health and lifestyle updates), health care provider name, and lab generated patient ID, to the extent you or a family member provided the foregoing information in
dealing with NWMMB as a donor"

Timeless does not explain how they recovered the files. They do not mention ransomware, and they do not indicate whether any ransom was either demanded or paid.

Notification from Northwest Mothers Milk Bank: https://agportal-s3bucket.s3.amazonaws.com/databreach/BreachA19803.pdf

Media coverage of Rogers Hixon Ontario Human Milk Bank: https://www.cbc.ca/news/canada/toronto/human-milk-bank-data-breach-1.6771193

#databreach #dataprotection #businessassociate #infosec #cybersecurity #incidentresponse #healthsec

The Chautauqua Center notifies patients of breach; changes EMR provider:

https://www.databreaches.net/the-chautauqua-center-notifies-patients-of-breach-changes-emr-provider/

#databreach #HIPAA #PHI #HealthSec #BusinessAssociate #dataprotection #infosec #EMR

Medicare under attack: Healthcare data breaches increase fraud risks:

https://www.thomsonreuters.com/en-us/posts/investigation-fraud-and-risk/medicare-fraud-risks/

#databreach #healthcare #medicare #fraud #HIPAA #HealthSec #infosec #cybersecurity

Lubbock Heart and Surgical Hospital sued for breach where no one knows for sure whether data was accessed or acquired: https://www.databreaches.net/lubbock-heart-and-surgical-hospital-sued-for-breach-where-no-one-knows-for-sure-whether-data-was-accessed-or-acquired/

#dataprotection #databreach #lawsuit #infosec #healthsec #forensics #standing

Sentara Health notifying 741 patients after mistake by Coronis Health employee: https://www.databreaches.net/sentara-health-notifying-741-patients-after-mistake-by-coronis-health-employee/

Good example of the value of having a compliance hotline or data security reporting number displayed on your website.

#databreach #dataprotection #infosec #responsibledisclosure #HealthSec #businessassociate

Reventics, a business associate, notified HHS of an incident that affected 250,918 patients. They also posted a brief notice on their website.

And no, they do NOT reveal that this was a #ransomware attack.

And no, they do NOT reveal that some data has already been leaked.

https://www.databreaches.net/reventics-notifying-patients-of-ransomware-incident/

#databreach #HealthSec #incidentresponse #transparency #HIPAA #HITECH #infosec #cybersecurity

Hutchinson Clinic in Kansas issues alert concerning December data breach, but has not yet notified patients nor HHS.

Doesn't sound like a ransomware incident from the wording of their notice, but hey...

#databreach #hack #incidentresponse #notification #HealthSec #infosec #cybersecurity

https://www.databreaches.net/ks-hutchinson-clinic-issues-alert-concerning-december-data-breach/

h/t, #KWCH

BianLian doesn't seem to get a lot of media coverage, but they've hit a number of entities in the healthcare sector already, including one hospital.

BianLian recently posted samples from some unnamed victims on Breached -- but it was easy to determine the victims from the samples: Northeast Surgical Group, Zerbe Retirement Community, and Arizona Reproductive Medicine Specialists. None of the three have any notice on their websites at this time.

Today, BianLian dumped data from Northeast Surgical Group on their leak site. They also dumped data from Suburban Laboratories in Illinois.

There is nothing on Suburban's website about any incident, and none of these victims have yet to appear on HHS's public breach tool.

Perhaps HHS should provide a threat brief or analyst note on BianLian, including the availability of any free decryptor.

#BianLian #databreach #ransomware #infosec #HealthSec #cybersecurity

Another business associate was hit by ransomware in December. Reventics has submitted a notification to the Montana AG's office that 1,027 Montana residents were impacted. We have no info as yet as to how many patients nationwide, total, may have been impacted, or who the ransomware group was.

In other healthcare sector breach news, NewBridge Services in NJ appears to have been hit by LockBit3.0. They were added to LockBit's leak site today with some proof.

And because it's Friday, I expect we'll see yet more disclosures....

#databreach #ransomware #HealthSec #infosec #cybersecurity

"The personal information of millions of MySejahtera users has been exposed after an account authorised for vaccine administration stole data from three million vaccine recipients, revealed a national audit."

https://codeblue.galencentre.org/2023/02/16/audit-mysejahtera-data-breach-affected-three-million-users/

Do they know the identity of the "SuperAdmin" they had authorized?

#Infosec #COVID #HealthSec #databreach #dataprotection