An unsecured database appearing to belong to a Netherlands-based medical laboratory exposed 1.3 million records on the internet, including COVID test results and other personal identifiable information, said a security researcher who discovered the trove and reported his findings to the company.
Hackers have reportedly stolen about $7.5 million from a Department of Health and Human Services grant payment system in a series of cyberattacks last year. The news comes in the midst of HHS and other authorities warnings about rising threats involving social engineering and payment scams.
Two tech advocacy groups are pushing the Federal Trade Commission to investigate Google, alleging the company has reneged on a promise it made after the Supreme Court's 2022 overturn of Roe v. Wade to promptly delete location data about users' visits to sensitive places, such as abortion clinics.
The American Hospital Association is warning of increasingly sophisticated social engineering scams targeting hospital IT help desks with schemes involving the stolen credentials of revenue cycle and other finance employees to commit payment fraud against the institutions.
The ubiquity and anonymity of cryptocurrencies are fueling economic, legal and ethical challenges that put healthcare entities in the crosshairs of cybercriminals, said David Hoffman, general counsel of Claxton-Hepburn Medical Center, which recently filed a lawsuit against ransomware gang LockBit.
A North Carolina healthcare system has agreed to pay $6.6 million to settle a consolidated class action lawsuit involving its use of tracking tools in its websites and patient portals. The suit alleges the website trackers sent sensitive patient information to third parties without their consent.
A cloud services firm has turned over to a New York hospital alliance the patient data stolen in a ransomware attack by LockBit. The hospital group had filed a lawsuit against LockBit as a legal maneuver to force the storage firm to return data the cybercriminals had stashed on the vendor's servers.
A Mississippi health system is notifying nearly 253,000 individuals that their data was potentially compromised in a "malicious and sophisticated ransomware" attack last August that also took IT systems offline. The cybercriminal gang Rhysida had claimed responsibility for the assault.
A fertility testing laboratory has agreed to improve its data security practices and pay up to $1.25 million to settle a consolidated class action lawsuit filed in the wake of a 2021 ransomware attack that compromised sensitive health information of about 350,000 patients.
Merck & Co.'s proposed settlement with insurers over a $1.4 billion claim related to the NotPetya attack will change the language the insurance industry uses to exclude acts of war in its policies, and organizations need to consider how those changes affect risk, said attorney Peter Halprin.
Cybercriminals are extorting some patients and threatening them with swatting in the wake of a recent cyberattack on a Seattle cancer center. The incident, stemming from a Citrix Bleed exploit, has triggered multiple lawsuits and affected the personal data of at least 1 million people.
Fallout is mounting, and new developments are emerging in several high-profile health data hacks. Data breaches reported in recent weeks and months at a medical transcription vendor, a hospital chain and a law firm are affecting a growing list of clients and individuals - and triggering lawsuits.
A federally funded health center that provides services to underserved communities in New York has been fined up to $450,000 and must invest $1.2 million in improving its data security, under a settlement with state regulators involving a 2021 ransomware attack that affected about 261,000 people.
It's a new year, but federal regulators are beating an old HIPAA drum: The Department of Health and Human Services has hit a New Jersey medical practice with a $160,000 settlement in the agency's 46th enforcement action involving HIPAA complaint about right of access to health records.
An upstate New York hospital group has filed a lawsuit against cybercriminal group LockBit in a legal maneuver aimed at forcing a Boston-based cloud services firm to turn over patient data LockBit had stolen from the entities last summer and allegedly stored on the tech company's servers.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.