Ransomware group Rhysida is shaking down at least two new victims in the healthcare sector - Bayhealth and Community Care Alliance - threatening to sell or dump patients' sensitive health and personal information on the dark web. Bayhealth confirmed that it is investigating a recent cyberattack.
Prospect Medical Holdings continues to face mounting legal and business fallout from the 2023 ransomware attack that disrupted IT operations at 16 of its hospitals for several weeks and resulted in a data breach that affected 1.3 million people.
An Arkansas-based mental and behavioral health services provider is notifying more than 375,000 individuals of a data theft potentially compromising their sensitive personal and medical information. The organization already faces at least one proposed class action lawsuit in the wake of the breach.
Federal regulators smacked an ambulance firm with a $115,200 civil monetary penalty for failing to provide a patient with her requested health records for more than a year. The penalty is the U.S. Department of Health and Human Services' 49th HIPAA "right of access" enforcement action.
Change Healthcare officials projected that the company's massive February cyberattack affected one-third of the American population. So why did the IT services provider's HIPAA breach report to federal regulators lowball the initial estimate, saying the cyberattack only affected 500 people?
A federal judge has dismissed several claims but has given the green light for plaintiffs to move forward with other allegations in a proposed class action filed against electronic health records vendor NextGen in the aftermath of a 2023 ransomware attack that affected about 1 million people.
Millions of Americans will soon receive a breach notification letter from Change Healthcare, which said on Monday that it has started the process of notifying victims of the massive cyberattack and data theft incident first detected more than five months ago.
Health benefits administrator HealthEquity, which earlier this month reported to the U.S. Securities and Exchange Commission a hacking incident involving the compromised credentials of a vendor, has now told state regulators that the breach affected the information of 4.3 million individuals.
U.S. hospital chain Ascension has filed a placeholder breach report to federal regulators saying its May 8 ransomware attack affected at least 500 individuals. Meanwhile, the waiting game continues for Change Healthcare's official data breach report and individual notifications.
Healthcare groups should consider several key points about a recent Texas federal court ruling and its impact on the use of online tracker technology on the healthcare websites of HIPAA-regulated organizations, said privacy attorney Iliana Peters of the law firm Polsinelli.
Hacks and vendor incidents continue to dominate major health data breach trends in 2024, but a handful of large incidents involving "unauthorized access or disclosure" also top the list of major health data breaches reported to federal regulators so far this year. How are trends shifting?
HealthEquity, which administers healthcare benefits plans for employers, has notified the U.S. Securities and Exchange Commission of a data exfiltration breach involving the compromised credentials of a third-party vendor. The incident did not disrupt IT systems or processes.
A Chicago pediatrics hospital is notifying nearly 800,000 people that their information was compromised in a ransomware attack earlier this year. Cybercrime group Rhysida had demanded a $3.4 million ransom for data it claims to have stolen in the incident. The hospital said it did not pay.
The U.S. Department of Health and Human Services has hit a Pennsylvania-based healthcare system with a $950,000 settlement for potential HIPAA violations found during an investigation into a 2017 ransomware attack involving NotPetya. It's HHS' third enforcement action in a ransomware case.
Two weeks ago, Change Healthcare began notifying thousands of medical practices about a massive data breach affecting millions of patients. The healthcare software firm says it will handle breach notifications, but industry groups want to ensure the government will go along with that plan.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.