Collaborate Disseminate
Tyler Kula reports: Bluewater Health, hardest hit by a cyberattack on five Southwestern Ontario hospitals last fall, had a relatively dated system for storing and sharing patient information at the time, Bluewater Health’s board chairperson says. “It d… Continue reading Bluewater Health getting new, more secure hospital info system
On December 28, DataBreaches published snippets from a chat with a threat actor (TA) who claimed to have involvement with both the Fred Hutch cyberattack and the Integris cyberattack. In the course of that exchange, the TA surprised DataBreaches by cla… Continue reading Fred Hutch failed to reveal threats of potential swatting attacks until this site revealed the threat. Should they have disclosed it themselves?
On September 8, Brady Martz & Associates in North Dakota disclosed a data breach in November 2022 that reportedly affected more than 53,000 individuals. Less than two weeks later, at least four lawsuits had been filed against the firm. Now, four mo… Continue reading Family Healthcare notifying patients of November 2022 breach at Brady Martz & Associates
Keith Gushard reports: The Erie VA Medical Center says it regrets any preventable disclosure of sensitive veteran information and takes appropriate action to inform and protect impacted individuals as quickly as possible. The statement, issued Monday… Continue reading Erie VA Medical Center says it regrets veteran info disclosure
Earlier today, French natural Sébastien Raoult learned his sentence in federal court in Seattle. Raoult, aka “Sezyo,” had been detained in Morocco as he prepared to fly home to France after a vacation. His detention in response to a Red No… Continue reading Sébastien Raoult sentenced in federal court; could be out in less than 11 months
LockBit3.0 claims to have hit CapitalHealth.org in New Jersey. In a listing posted on their site on January 7, the threat actors write, “We purposely didn’t encrypt this hospital so as not to interfere with patient care. We just stole over … Continue reading Capital Health acknowledges a cyberattack last month but details are lacking
Doug Levin recently wrote on Infosec.Exchange: Rant incoming. The frequency with which I read folks asserting that ‘education’ and in particular ‘U.S. K-12 schools’ are the most frequent ransomware target is so frustrating. Of c… Continue reading A point worth considering
On August 1, DataBreaches noticed that Parathon by JDA e-Health had been listed on the Akira ransomware leak site. Neither Akira nor Parathon responded to DataBreaches’ inquiries at the time, as DataBreaches reported on August 6. On October 30, P… Continue reading Parathon by JDA e-Health: what we still don’t know about their July ransomware incident
Lawrence Abrams writes: 2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. Some stories, though, were more impactful or popular with our 22 million … Continue reading The biggest cybersecurity and cyberattack stories of 2023
DataBreaches previously reported a breach involving Integris Health in Oklahoma. The incident did not involve encryption, but the threat actors were reportedly contacting patients directly and offering to remove their protected health information for a… Continue reading Recent attacks on Fred Hutch and Integris: Is attempting to extort patients directly becoming the “new normal?”