Deloitte published results of survey:
- 98% of C-suite executives have come across at least one cybersecurity event during last year
- 86% have noticed uptick in attacks
- 14% have no incident response plan
- 40% of healthcare organizations have not yet implemented an incident response plan
- 27% are most worried about actions of “well-meaning” employees who inadvertently allow hackers in
- 41% have implemented solutions to monitor staff use of network
The federal Dept. of Health & Human Services reported HIPAA breaches for 9/2021:
- 23.7% increase YoY in reported breaches
- 1,253,258 patient records exposed
- The North American Dental Group, headquartered in New Castle, PA, notified 170,000 patients that their PHI was exposed after email phishing attack.
- Central Indiana Orthopedics notified an unknown number of patients that their PHI was exposed after ransomware attack.
- The Educators Mutual Insurance Association (EMI Health), headquartered in Murray, Utah, notified an unknown number of patients that their PHI was stolen by a hacker.
- The University of North Carolina Hospital System, headquartered in Chapel Hill, North Carolina, notified 719 patients that their PHI was exposed after being illegally accessed by an employee.
- Tech Etch, headquartered in Plymouth, Massachusetts, notified an unknown number of customers that their info was exposed after ransomware attack.
- TriValley Primary Care of Pennsylvania notified an unknown number of patients that their PHI was exposed after ransomware attack.
- Wiggin and Dana Law Firm of Westport, Connecticut notified an unknown number of clients that their info may have been exposed after ransomware attack.
- McAllen Surgical Specialty Center of Texas notified an unknown number of patients that their PHI was exposed after ransomware attack.
- Corry School District of Pennsylvania notified an unknown number of students that their info was exposed after ransomware attack.
- University of Mississippi Medical Center notified an unknown number of patients that their PHI was illegally accessed by 3 former employees. Stamford Hospital and Stamford Health Medical Group of Connecticut notified an unknown number of patients that their PHI may have been exposed during a “network connectivity issue”
- Deep6 AI, headquartered in Pasadena, CA, notified “millions’ of patients that their PHI may have been exposed after it was inadvertently placed in a publicly accessible online database.
- Michael’s, a nationwide retailer headquartered in Texas, announced that Jose Tito Salazar of Riverside, CA was sentenced to 51 months in prison stealing customer credit card info.
- Ohio State University of Columbus, OH notified 400 students that their PHI was exposed during an “email gaffe”
- Centinela Valley Union High School District of California notified an unknown number of students that their info was exposed after ransomware attack.
- Wyatt Travnichek of Kansas was arrested and admitted in court that he illegally accessed and tampered with the network of Post Rock Rural Water District.
- Alejandro Benitez was arrested after allegedly hacking into Chico State University and illegally accessing student info.
- Patrick Driscoll was arrested by Salt Lake City police in Utah after allegedly illegally accessing confidential police files.
- Westmoreland County Children’s Bureau of Pennsylvania announced that former employee, Rebecca D. Walker, was arrested for allegedly illegally accessing PHI of patients.
- The National Rifle Association notified an unknown number of members that their info may have been exposed after ransomware attack.
- The City of Titusville, Florida notified an unknown number of citizens that that their info was exposed after ransomware attack.
- Janesville School District of Wisconsin notified an unknown number of students that their info was exposed after ransomware attack.
- Seneca Family of Agencies in northern California notified an unknown number of patients that that PHI was exposed after ransomware attack.
- Washington County School District of Vermont notified an unknown number of students that their info was exposed after ransomware attack.
- Team Alvarez Insurance of Santa Ana, CA notified an unknown number of Blue Shield Insurance of California members that their PHI was exposed after ransomware attack. Coughlin & Cerhart Law Firm in New York City, New York notified an unknown number of clients that their info was exposed after ransomware attack.
- Samaritan Daytop Village of New York has notified an unknown number of patients that their PHI was exposed after cybersecurity incident.
- The Foundation for Medical Care of Merced County of California notified an unknown number of members of Merced County School District that their PHI was exposed after a burglary occurred and thieves took a back-up drive that contained scanned images of PHI documents.