Collaborate Disseminate
Marianne Kolbasuk McGee reports: A cloud services firm has turned over to a New York hospital alliance the patient data stolen in an August ransomware attack by the notorious LockBit gang. The hospital group – North Star Health Alliance – h… Continue reading Cloud Vendor Returns North Star Health Alliance Data Stolen and Stored by LockBit
On December 28, DataBreaches published snippets from a chat with a threat actor (TA) who claimed to have involvement with both the Fred Hutch cyberattack and the Integris cyberattack. In the course of that exchange, the TA surprised DataBreaches by cla… Continue reading Fred Hutch failed to reveal threats of potential swatting attacks until this site revealed the threat. Should they have disclosed it themselves?
January 12, 2024 New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today announced that Genesis Global Trading, Inc. (“Genesis Global Trading”) will pay an $8 million penalty to New York State for compliance failur… Continue reading NYS announces $8 Million Penalty Against Genesis Global Trading, Inc. After DFS Investigation Finds Significant Failings in Anti-Money Laundering and Cybersecurity Programs
In 2021, Quest-owned ReproSource Fertility Diagnostics disclosed a ransomware attack in August potentially affecting 350,000 patients. One month after disclosure, they were sued. Now Marianne Kolbasuk McGee reports that there is a settlement. A Massach… Continue reading Fertility Test Lab Will Pay $1.25M to Settle Breach Lawsuit
Matt Burgess reports: Thousands of emergency planning documents from US schools—including their safety procedures for active shooter emergencies—were leaked in a trove of more than 4 million records that were inadvertently made public. Last month, secu… Continue reading US School Shooter Emergency Plans Exposed in Raptor Technologies Data Leak
Keith Gushard reports: The Erie VA Medical Center says it regrets any preventable disclosure of sensitive veteran information and takes appropriate action to inform and protect impacted individuals as quickly as possible. The statement, issued Monday… Continue reading Erie VA Medical Center says it regrets veteran info disclosure
Steve Alder reports: Mark Kevin Robison, a former vice president of Commonwealth Health Corporation (now Med Center Health) in Kentucky has been sentenced to 2 years’ probation and ordered to pay $140,000 in restitution after reaching a plea agreement … Continue reading Former Executive Sentenced to Probation for HIPAA Violation
Eric Geller reports: The Biden administration plans to unveil new cybersecurity requirements for hospitals in the coming weeks as government officials scramble to stem a disturbing tide of hacks that have crippled health-care providers, delayed procedu… Continue reading After Barrage of Hacks, Hospitals Will Face New Federal Cybersecurity Rules Tied to Funding
HMG Healthcare has posted a notice of a data breach on its website, but most people are unlikely to notice the substitute notice because of the way it has been presented. If the purpose of a substitute notice under HIPAA is to reach people the covered… Continue reading HMG Healthcare notifies employees and residents of cyberattack
Frank Bajak reports: The U.S. retail mortgage lender LoanDepot is struggling to recover from a cyberattack that impacted its loan processing and phone service. In a filing on Monday with the Securities and Exchange Commission, the company said data was… Continue reading US retail mortgage lender LoanDepot struggles with cyberattack