The Austin, Texas-based company divulged the possible SEC probe in a shareholder filing. Federal regulators have made a preliminary determination an investigation should proceed into whether the company violated securities law by failing to adequately disclose cybersecurity risks and incidents. They sent the company what's known as a "Wells Notice," a notification that stops short of a formal charge and allows the company to contest the preliminary staff determination, which SolarWinds says it will do.
“For example, we do not believe that the cybercriminals were able to remove the entire medical record of OakBend’s patients. It does appear, however, that the cybercriminals were able to access and/or remove certain employee data sets and certain reports that included the personal and medical information related to our current and former patients, employees, and related individuals.”
Aveanna Healthcare in Georgia agreed to pay Massachusetts $425,000 after that state's attorney general investigation into the home health and hospice provider found that the company’s failure to implement proper security measures led to its phishing-related data breach in 2019.
Keystone Health suffered a healthcare data breach that impacted 235,237 individuals and potentially exposed protected health information.
An investigation led with assistance from a third-party forensic team revealed that an attacker accessed systems within the legacy Coastal Cardiology network, used by Ascension to retain data, including patient information, in order to meet regulatory requirements. The data was not used for current business operations.
A hacking incident at a New York-based administrative services firm has resulted in a growing list of anesthesiology practices reporting breaches that so far have affected the personal information of about 430,000 people.
Texas-based St. Luke’s Health notified 16,906 individuals of a third-party data breach that impacted Adelanto Healthcare Ventures (AHCV), a consulting services vendor. The breach is unrelated to the October ransomware attack at St. Luke’s Health’s parent company, CommonSpirit Health, which impacted multiple facilities, including St. Luke’s.