Florida drug testing medical laboratory American Clinical Solutions told federal regulators that 300,000 individuals are caught up in a hacking incident now that criminal gang RansomHub has published 700 gigabytes worth of data stolen from the lab's network.
As McLaren Health Care continues to restore its IT systems in the wake of a ransomware attack last week, some Michigan government officials are warning consumers about potential cybercrimes and other concerns stemming from that and similar cyber incidents involving healthcare groups in the state.
New York-based biotechnology firm Enzo Biochem will pay $4.5 million in state fines and must implement a list of security improvements, thanks to a 2023 ransomware attack that affected 2.4 million patients nationwide. Investigators highlighted the company's failure to fix known security risks.
Ransomware group Rhysida is shaking down at least two new victims in the healthcare sector - Bayhealth and Community Care Alliance - threatening to sell or dump patients' sensitive health and personal information on the dark web. Bayhealth confirmed that it is investigating a recent cyberattack.
Prospect Medical Holdings continues to face mounting legal and business fallout from the 2023 ransomware attack that disrupted IT operations at 16 of its hospitals for several weeks and resulted in a data breach that affected 1.3 million people.
An Arkansas-based mental and behavioral health services provider is notifying more than 375,000 individuals of a data theft potentially compromising their sensitive personal and medical information. The organization already faces at least one proposed class action lawsuit in the wake of the breach.
Federal regulators smacked an ambulance firm with a $115,200 civil monetary penalty for failing to provide a patient with her requested health records for more than a year. The penalty is the U.S. Department of Health and Human Services' 49th HIPAA "right of access" enforcement action.
Change Healthcare officials projected that the company's massive February cyberattack affected one-third of the American population. So why did the IT services provider's HIPAA breach report to federal regulators lowball the initial estimate, saying the cyberattack only affected 500 people?
A federal judge has dismissed several claims but has given the green light for plaintiffs to move forward with other allegations in a proposed class action filed against electronic health records vendor NextGen in the aftermath of a 2023 ransomware attack that affected about 1 million people.
Millions of Americans will soon receive a breach notification letter from Change Healthcare, which said on Monday that it has started the process of notifying victims of the massive cyberattack and data theft incident first detected more than five months ago.
Health benefits administrator HealthEquity, which earlier this month reported to the U.S. Securities and Exchange Commission a hacking incident involving the compromised credentials of a vendor, has now told state regulators that the breach affected the information of 4.3 million individuals.
U.S. hospital chain Ascension has filed a placeholder breach report to federal regulators saying its May 8 ransomware attack affected at least 500 individuals. Meanwhile, the waiting game continues for Change Healthcare's official data breach report and individual notifications.
Healthcare groups should consider several key points about a recent Texas federal court ruling and its impact on the use of online tracker technology on the healthcare websites of HIPAA-regulated organizations, said privacy attorney Iliana Peters of the law firm Polsinelli.
Hacks and vendor incidents continue to dominate major health data breach trends in 2024, but a handful of large incidents involving "unauthorized access or disclosure" also top the list of major health data breaches reported to federal regulators so far this year. How are trends shifting?
HealthEquity, which administers healthcare benefits plans for employers, has notified the U.S. Securities and Exchange Commission of a data exfiltration breach involving the compromised credentials of a third-party vendor. The incident did not disrupt IT systems or processes.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing fraudtoday.io, you agree to our use of cookies.