The Oregon Department of Human Services (DHS) was the victim of a phishing campaign earlier this year, resulting in a data breach that reportedly involves the records of up to 1.6 million state residents. According to a March 21 Oregon DHS press release, the incident took place last Jan. 8, when nine separate agency employees…
An unauthorized party accessed the email accounts of several UConn Health employees last Christmas Eve, in a data breach that reportedly may affect up to roughly 326,000 patients. In an online disclosure, the Connecticut-based academic medical center revealed that the breached data includes, names, dates of birth, addresses and “limited medical information such as billing…
Employees of Melbourne Heart Group in Malvern, Australia, have been unable to access patients’ medical records following a January ransomware attack that encrypted the health care provider’s files. The cardiology clinic disclosed the incident today on its website’s home page. “We have been assured that no patient’s privacy has been compromised in any way,” the…
Delaware’s Department of Insurance announced yesterday that 650 residents and five companies located within the state were impacted by a 2018 data breach of BenefitMall, a third-party HR services administrator for health insurance companies. It was originally back on Jan. 4, 2019, that BenefitMall, aka Centerstone Insurance and Financial Services, publicly disclosed a “data security…
A man convicted of launching DDoS attacks against two Boston-area health care facilities was sentenced in U.S. District Court on Thursday to 10 years in prison. Martin Gottesfeld, 34, of Somerville, Mass., was found guilty last August of attacking Boston Children’s Hospital and the Wayside Youth & Family Support Network back in 2014. Gottesfeld has…
The Toledo-based Dental Center of Northwest Ohio has disclosed that a ransomware attack affecting its local third-party IT vendor may be endangered personal data belonging to current and former patients and employees. The IT vendor, Arakyta, informed the health care provider of the possible breach situation around Sept. 1, 2018, the health care provider said in…
In separate incidents, two U.S. health care facilities have publicly disclosed data breaches that resulted from the unauthorized access of an employee’s email. Yesterday, the University of Vermont Health Network – Elizabethtown Community Hospital (ECH) acknowledged that an unauthorized individual remotely accessed an employee’s email account on Oct. 9. This account contained the personal information of…
Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…
Thundermist Health Center in Woonsocket, R.I., was victimized by a ransomware attack that disrupted its systems on Thursday morning. Amanda Barney, associated VP of communications and development said that the health care center acted promptly to protect patient and employee data, local news affiliate WPRI reported. As of Thursday evening, there is no evidence that any…
A recent risk assessment of information systems at two Arizona-based Medicaid managed care organizations turned up 19 vulnerabilities, according to a new report from the Department of Health and Human Services Office of the Inspector General. Collectively, the flaws were related to remote network access (2), password and login controls (2), physical security controls (1), network…
