The Perry Johnson & Associates (PJ&A) breach that affected 1.2 million patients of Cook County Health in Illinois also affected millions of Northwell Health patients on Long Island,
PJ&A is a medical transcription service so lots of #PII and #PHI appear to be involved in this one.
The actual breach/exfil occurred months ago. So far, I've not found any attribution, any indication of any extortion/ransom demand, or any group claiming responsibility for this one.
Henrietta Johnson Medical Center reports that patients were affected by an April breach at Delaware Health Network, but they do not seem to be getting the info they need as to which patients' data was accessed or acquired, etc. So they submitted a marker "500" report to HHS about the incident.
I wonder how many other DHN clients/covered entities were affected by the incident and how many patients total there will be due to this "cyber event."
So an investigator from #HHSOCR contacted me to ask if I still had unredacted data from a breach I reported last year and if I did, could I share it with them?
And to my shock, they told me they still have no way for folks to upload databases. They could take fax or postal mail or an encrypted email.
I was told last year that they were getting an upload system. Where is it?
Luckily, what they requested wasn't too big and could be attached to an encrypted email. But if it was a database.... ?
I really hope they get the resources they need to investigate data security breaches. They've issued a few settlements involving data security very recently and I hope that's a good sign of more to come.