Health Care

Health Care

Phishing scam stings Oregon Dept. of Human Services, compromises emails containing resident data

By

The Oregon Department of Human Services (DHS) was the victim of a phishing campaign earlier this year, resulting in a data breach that reportedly involves the records of up to 1.6 million state residents. According to a March 21 Oregon DHS press release, the incident took place last Jan. 8, when nine separate agency employees…

Hospital

Breach could impact roughly 326,000 UConn Health patients

By

An unauthorized party accessed the email accounts of several UConn Health employees last Christmas Eve, in a data breach that reportedly may affect up to roughly 326,000 patients. In an online disclosure, the Connecticut-based academic medical center revealed that the breached data includes, names, dates of birth, addresses and “limited medical information such as billing…

Heart attack: Ransomware encrypts Australian cardiac clinic’s patient files

By

Employees of Melbourne Heart Group in Malvern, Australia, have been unable to access patients’ medical records following a January ransomware attack that encrypted the health care provider’s files. The cardiology clinic disclosed the incident today on its website’s home page. “We have been assured that no patient’s privacy has been compromised in any way,” the…

Hundreds of Delaware residents among the victims of BenefitMall breach

By

Delaware’s Department of Insurance announced yesterday that 650 residents and five companies located within the state were impacted by a 2018 data breach of BenefitMall, a third-party HR services administrator for health insurance companies. It was originally back on Jan. 4, 2019, that BenefitMall, aka Centerstone Insurance and Financial Services, publicly disclosed a “data security…

Unhappily ever after: Hospital hacker rescued by Disney cruise ship sentenced to 10 years

By

A man convicted of launching DDoS attacks against two Boston-area health care facilities was sentenced in U.S. District Court on Thursday to 10 years in prison. Martin Gottesfeld, 34, of Somerville, Mass., was found guilty last August of attacking Boston Children’s Hospital and the Wayside Youth & Family Support Network back in 2014. Gottesfeld has…

Dental Center of NW Ohio feels bite of ransomware attack on IT vendor

By

The Toledo-based Dental Center of Northwest Ohio has disclosed that a ransomware attack affecting its local third-party IT vendor may be endangered personal data belonging to current and former patients and employees. The IT vendor, Arakyta, informed the health care provider of the possible breach situation around Sept. 1, 2018, the health care provider said in…

Vermont, Dallas medical facilities suffer email account breaches

By

In separate incidents, two U.S. health care facilities have publicly disclosed data breaches that resulted from the unauthorized access of an employee’s email. Yesterday, the University of Vermont Health Network – Elizabethtown Community Hospital (ECH) acknowledged that an unauthorized individual remotely accessed an employee’s email account on Oct. 9. This account contained the personal information of…

Adobe fixes zero-day Flash bug after attackers target Russian clinic with exploit

By

Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…

Rhode Island’s Thundermist health center struck by ransomware

By

Thundermist Health Center in Woonsocket, R.I., was victimized by a ransomware attack that disrupted its systems on Thursday morning. Amanda Barney, associated VP of communications and development said that the health care center acted promptly to protect patient and employee data, local news affiliate WPRI reported. As of Thursday evening, there is no evidence that any…

Inspector General’s report documents security flaws at Arizona Medicare MCOs

By

A recent risk assessment of information systems at two Arizona-based Medicaid managed care organizations turned up 19 vulnerabilities, according to a new report from the Department of Health and Human Services Office of the Inspector General. Collectively, the flaws were related to remote network access (2), password and login controls (2), physical security controls (1), network…

Next post in Security News