#BusinessAssociate

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2025-11-18

NEW by me:

From bad to worse: Doctor Alliance hacked again by same threat actor

databreaches.net/2025/11/18/fr

This is a bad #databreach in terms of the #PII and #PHI acquired by the hacker, "Kazu," who is about to leak it all.
Oof.

Background: I reported on the first breach/attack a few days ago at databreaches.net/2025/11/12/do

When the CEO claimed it was all secured the same day, the hacker got ticked off and went back in and hacked them again.

#HealthSec #HIPAA #BusinessAssociate #thirdparty #vendor #hack #ransom #cybersecurity #incidentresponse

@zackwhittaker @campuscodi @euroinfosec @Hackread

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2025-11-01

NEW by me: Veradigm’s Breach Claims Under Scrutiny After Dark Web Leak

databreaches.net/2025/11/01/ve

This breach may have affected 2M of Veradigm's clients' patients, but it's pretty much flown under the media radar, and its explanation of how the breach occurred didn't make sense to me after I took a look at a data tranche.

#HealthSec #BusinessAssociate #vendor #hack #incidentresponse #transparency #notification #Rhysida #Veradigm #SunflowerMedicalGroup #databreach

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2025-07-08

Integrated Oncology Network victim of phishing attack; multiple locations affected:

databreaches.net/2025/07/08/in

No group seems to have claimed responsibility as yet and ION makes no mention of any extortion demand.

#healthsec #cybersecurity #businessassociate #databreach

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2025-06-30

Horizon Healthcare RCM is a business associate to numerous healthcare systems and entities.This past week, they disclosed that they were hit with a ransomware attack in December and that they paid to get the unnamed threat actor(s) to delete the stolen data.

So far, they have not disclosed any numbers and none of their affected clients (assuming,for now, that there are affected clients) have reported the incident to HHS or any regulators that I can spot.

This may or may not wind up being another big breach when we start finding out how many entities were affected and how many patients each. As always, going after third-party vendors is like "open sesame" for threat actors.

databreaches.net/2025/06/29/ho

#HealthSec #databreach #ransomware #cybersecurity #businessassociate

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2025-06-29

NEW: Horizon Healthcare RCM discloses ransomware attack in December:

databreaches.net/2025/06/29/ho

The attack did encrypt files and it seems that Horizon paid to get data deleted.

There is much we don't know yet, including how many patients total were affected, and which of their clients had affected patients.

See the post for more information.

#databreach #healthsec #ransomware #cybersecurity #businessassociate

@campuscodi

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2025-06-18

Alleged Geisinger hacker will defend himself pro se.

What's that old adage about someone defending themself instead of using a lawyer? That they have a fool for a client?

I've uploaded two of his filings -- the motion to defend pro se, which was granted, and now an emergency motion to be temporarily released from prison because... well, he gives some reasons. You'll see.

databreaches.net/2025/06/18/al

And fwiw, Nuance never responded to my inquiries at the time of his arrest asking about what kind of background check they had done because his history revealed a number of past run-ins with the law.

#databreach #healthsec #businessassociate #HIPAA #insiderthreat #idtheft #fraud

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2025-06-17

Episource is notifying 5.4 million patients of a cyberattack in January:

databreaches.net/2025/06/17/ep

Some media call this a #ransomware attack, but Episource does not mention any encryption of data and is silent on that question or any mention of any ransom demand. I cannot find any gang who has claimed responsibility for this incident or that has added it to any leak site.

#healthsec #databreach #businessassociate

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2025-05-29

In May 2024, medical billing and revenue cycle management firm ALN Medical Management disclosed a third-party breach. They've recently supplemented their disclosure and are sending out many more notification letters. The total number of patients affected by the incident now stands at more than 1.8 million.

The third party provider was never named.

But because two notification letters arrived here yesterday, I am wondering how far back the third party's stored data goes. ALN's disclosure never tells us that, but the letters arriving here yesterday were for people who haven't lived at this address for a decade or so.

databreaches.net/2025/05/29/up

#databreach #BusinessAssociate #HIPAA

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-10-29

Medusa also claims to have hit American Medical Billing in Illinois. Medusa provides a number of internal files, including insurance. They are asking $150k to either delete all the data or download all the data.

I'm somewhat surprised that they are asking (only) 10k more for medically related info than for the school district listing.

#HealthSec #databreach #cybersecurity #HIPAA #BusinessAssociate

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-10-19

@ValeryMarchive So far, I haven't found any other entities reporting that they were affected by an attack on National Diagnostic Imaging. Was Birth Choice of San Marcos their only client/provider affected? It seems unlikely. There's no notice on NDI's website about any breach and nothing reported to HHS that I can find so far.

I've submitted an inquiry to NDI but no reply was immediately available.

#healthsec #HIPAA #BusinessAssociate #cybersecurity

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-06-26

Well, I can't say I'm surprised, but Nuance Communications hasn't responded to my inquiries about their former employee, who has been charged federally for unauthorized access to Geisinger patient data days after his employment was terminated.

When I looked at court filings, I wondered whether he had ever been subjected to a criminal background check. So I asked Nuance some questions, including whether they terminated his access when they ended his employment.

Read more at databreaches.net/2024/06/25/wh

#databreach #cybersecurity #hipaa #businessassociate

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2023-11-10

The Perry Johnson & Associates (PJ&A) breach that affected 1.2 million patients of Cook County Health in Illinois also affected millions of Northwell Health patients on Long Island,

databreaches.net/pja-data-brea

PJ&A is a medical transcription service so lots of #PII and #PHI appear to be involved in this one.

The actual breach/exfil occurred months ago. So far, I've not found any attribution, any indication of any extortion/ransom demand, or any group claiming responsibility for this one.

#databreach #HealthSec #HIPAA #BusinessAssociate #infosec

@BleepingComputer @campuscodi @jgreig @briankrebs @brett @euroinfosec

Client Info

Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst