Logan Health Facing Class Action Lawsuit Over Data Breach
Legal action is being taken against Logan Health and subsidiary, sister, and related entities over a data breach that occurred in 2021 and affected 213,543 Logan Health Medical Center patients. The class action lawsuit was filed in the U.S. District Court for the District of Montana Great Falls Division by law firm Heenan & Cook on behalf of plaintiff Allison Smeltz and all similarly affected individuals over the alleged failure of the health system to protect the plaintiff’s and class members’ sensitive personal information. The data breach in question was reported by Logan Health in February 2022, with its investigation confirming unauthorized individuals had access to its system between November 18, 2021, and November 22, 2021. Hackers gained access to a single file server housing files that contained patients’ protected health information such as names, contact information, insurance claim information, date(s) of service, medical bill account number, and health insurance information. Logan Health said it had found no evidence of misuse of patient data, offered affected...
Breach Barometer Report Shows Over 50 Million Healthcare Records Were Breached in 2021
Protenus has released its 2022 Breach Barometer Report which confirms 2021 was a particularly bad year for healthcare industry data breaches, with more than 50 million healthcare records exposed or compromised in 2021. The report includes healthcare data breaches reported to regulators, as well as data breaches that have been reported in the media, incidents that have not been disclosed by the breached entity, and data breaches involving healthcare data at non-HIPAA-regulated entities. The data for the report was provided by DataBreaches. Protenus has been releasing annual Breach Barometer reports since 2016, and the number of healthcare data breaches has increased every year, with the number of breached records increasing every year since 2017. In 2021, it has been confirmed that at least 50,406,838 individuals were affected by healthcare data breaches, a 24% increase from the previous year. 905 incidents are included in the report, which is a 19% increase from 2020. The largest healthcare data breach of the year occurred affected Florida Healthy Kids Corporation, a Tallahassee,...
6 Healthcare Providers and Business Associates Report Hacks and Ransomware Attacks
A round-up of 6 cyberattacks that have recently been reported by healthcare providers and business associates that resulted in the exposure and possible theft of patients’ protected health information. Duncan Regional Hospital Duncan Regional Hospital in Oklahoma has announced that hackers gained access to its systems and potentially exfiltrated sensitive patient and employee information. The breach was detected on January 20, 2022, and immediate action was taken to secure its systems, and an independent computer forensics company was engaged to conduct a forensic investigation to determine the nature and scope of the breach. A review of the files on the affected parts of its system confirmed they contained patient information such as name, date of birth, Social Security number, limited treatment information, and medical appointment information such as date of service and name of providers. Employee data potentially accessed in the attack included personal information associated with W-2s, such as name, date of birth, address, and Social Security number. Duncan Regional...
PHI of Over 500,000 Individuals Potentially Compromised in 4 Security Incidents
Over 500,000 individuals have been affected by cyberattacks on Norwood Clinic, PracticeMax, Central Indiana Orthopedics, and an unauthorized electronic medical record incident at Ascension Michigan. Norwood Clinic The Birmingham, AL-based multi-specialty clinic, Norwood Clinic, has recently started notifying 228,103 individuals that some of their protected health information was accessed in a cyberattack that was detected on October 22, 2021. Upon detection of the breach, systems were immediately secured and third-party security experts were engaged to investigate the incident and determine the nature and scope of the breach. The investigation confirmed that an unauthorized individual gained access to a server that housed patient information such as names, contact information, birth dates, Social Security numbers, driver’s license numbers, limited health information, and/or health insurance policy numbers. While unauthorized data access was confirmed, it was not possible to determine the specific information that was accessed, or whether any patient information was acquired in the...
Warning Issued About Access:7 Vulnerabilities Affecting IoT and Medical Devices
7 vulnerabilities dubbed Access:7 have been identified in the web-based technologies PTC Axeda and Axeda Desktop Server, which are used to allow one or more people to securely view and operate the same remote desktop via the Internet. If exploited, an attacker could gain full system access, remotely execute code, trigger a denial-of-service condition, read and change configurations, and obtain file system read access and log information access. Three of the vulnerabilities are rated critical and have a CVSS severity score of 9.8 out of 10. PTC Axeda and Axeda Desktop Server are remote asset connectivity software solutions that are used as part of a cloud-based IoT platform. The software is extensively used in medical and Internet-of-Things (IoT) devices to manage and remotely access connected devices, including multiple medical imaging and laboratory devices. At present, none of the vulnerabilities are believed to have been exploited in the wild. The vulnerabilities affect all versions of the software. They are: CVE-2022-25246 – Hard-coded credentials – CVSS Severity Score 9.8/10...



