On August 26, 244.813 patients were notified that their personal data have probably been violated by an attack ransomware held against her Assured Imaging. This is a mobile digital mammography provider based in Arizona.
Η attack resulted in data leakage. Although it is not yet known what this data is, the attacker could access patient names, contact information, medical history, patient IDs, services provided, and other sensitive information.
Its creators PYSA ή Mespinoza ransomware claimed responsibility for the attack a few weeks later. In fact, they published some of the data that they allegedly stole, in an attempt to force Assured Imaging to pay the ransom.
Patients affected by infringement have filed a lawsuit in the U.S. District Court of Arizona, which claims the victims suffered damage in various areas.
Η treatment also claims that Assured Imaging stores patient data on a system that is vulnerable to cyber attacks and that the invasion was expected. As a result of these security failures, patient data was found to be vulnerable.
Finally, the lawsuit alleges that Assured Imaging did not comply with FTC guidelines and minimum data security standards, including the application of all security updates, training and supervision of employees regarding the proper handling of incoming e-mail, the implementation of policies and procedures to restrict access to patient health information and the inability to encrypt ePHI, among other claims.
"There is a high probability that entire sets of stolen information have been leaked to the black market and there are many that have not yet been leaked to the black market, which means that patients are at increased risk of fraud and identity theft for many years to come," the lawsuit said. "So patients have to keep a close eye on their financial and medical accounts for many more years."