Category Archives: Breach Incidents

Attorney General James and DFS Superintendent Harris Secure $11.3 Million from Auto Insurance Companies over Data Breaches

Posted on by

NEW YORK – New York Attorney General Letitia James and New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today secured $11.3 million in penalties from two auto insurance companies, the Government Employees Insuranc… Continue reading Attorney General James and DFS Superintendent Harris Secure $11.3 Million from Auto Insurance Companies over Data Breaches

Pacific Pulmonary Medical Group patient information dumped by Everest Ransomware Team

Posted on by

The Pacific Pulmonary Medical Group (PPMG) in California has a significant data breach problem, but if you were to visit its website today, you’d have no clue that anything is amiss. On October 25, Everest Team added PPMG to its dark web leak sit… Continue reading Pacific Pulmonary Medical Group patient information dumped by Everest Ransomware Team

Thai loyalty membership card data of 5 million customers put up for sale on hacking forum

Posted on by

Central Group is a multinational conglomerate in Thailand that describes itself as one of the largest private commercial conglomerates in Thailand with more than 50 subsidiaries and six key business lines. In October 2021, DataBreaches reported an atta… Continue reading Thai loyalty membership card data of 5 million customers put up for sale on hacking forum

NY: Equinox notifies clients and employees of April data security incident

Posted on by

On November 15, Equinox notified clients and staff members about what they described as a data security incident on April 29. With a little digging, DataBreaches realized that it was an attack by LockBit3.0. Equinox is a human services organization tha… Continue reading NY: Equinox notifies clients and employees of April data security incident

Still in the dark: A “500 marker” is updated, but too many still aren’t. Is HHS doing anything about this??

Posted on by

In March 2024, LockBit3.0 added Redwood Coast Regional Center  (RCRC) to its leak site. On May 3, RCRC notified HHS of the March 6 incident, reporting that 500 patients had been affected. RCRC only recently updated that report to indicate that 24,937 p… Continue reading Still in the dark: A “500 marker” is updated, but too many still aren’t. Is HHS doing anything about this??

Class action ping pong: Dismissal of lawsuit against Chelan Douglas Health District reversed; case goes back to Superior Court

Posted on by

In July 2021, Chelan Douglas Health District in Washington experienced a data breach. They disclosed the breach to the public in March 2022, surprisingly patting themselves on the back for completing their investigation in 6-7 months. A number of media… Continue reading Class action ping pong: Dismissal of lawsuit against Chelan Douglas Health District reversed; case goes back to Superior Court

How many similar breaches can one entity have in one year before regulators do something?

Posted on by

How many data breaches can an entity have before either some regulator steps in with a corrective action plan or something happens to reduce the likelihood of more breaches?  Consider the following: Breach # 1 On February 22, 2022, Minuteman Senior Ser… Continue reading How many similar breaches can one entity have in one year before regulators do something?

US Healthcare at risk: Strengthening resiliency against ransomware attacks

Posted on by

Microsoft writes: The healthcare sector faces a rapidly increasing range of cybersecurity threats, with ransomware attacks emerging as one of the most significant. A combination of valuable patient data, interconnected medical devices, and small IT/cyb… Continue reading US Healthcare at risk: Strengthening resiliency against ransomware attacks