Collaborate Disseminate
Christopher Snowbeck reports on how the Change Healthcare attack has affected one clinic in Minnesota. His report provides a good illustration of the issues raised by a recent AMA survey of some physicians, reported here previously. From his reporting:… Continue reading Minneapolis therapy clinic sues over cyberattack at UnitedHealth subsidiary
Eric Geller reports: As U.S. hospitals struggle to pay their employees amid a cyberattack that knocked out a major payment vendor, a powerful Democratic senator is seizing the moment to push for better security in the sorely vulnerable healthcare secto… Continue reading Prominent US senator sees new momentum for healthcare cybersecurity push
As many people suspected, Omni Hotels & Resorts was the target of a ransomware attack in March. Omni first described the incident as a chain-wide “outage” due to IT issues. By April 1, guests were losing patience with the “outage…. Continue reading Omni Hotels & Resorts attack claimed by Daixin Team; 3.5 million guests’ data stolen (2)
Four months after law enforcement took down AlphV’s leak site and disrupted their operations, AlphV has not recovered. The damage from law enforcement in December was one factor. Then, in March, a self-described affiliate claimed that AlphV had g… Continue reading More Woes for Change Healthcare and Patients
SuspectFile reports: The American Renal Associates (ARA) provides care to patients suffering from end-stage renal disease (ESRD) and is one of the largest dialysis service providers in the United States. In a previous article, we reported on the theft … Continue reading Update: American Renal Associates Data Breach Exposes Over 37,700 Individuals: Medusa Exfiltrates 5TB+ Data
Steve Alder reports: A lawsuit against CareFirst BlueCross BlueShield that was filed in response to a 2014 data breach has had a contract class certified by a federal judge, 9 years after legal action was initiated. The lawsuit can now proceed and more… Continue reading Contract Class Certified in CareFirst Data Breach Lawsuit 9 Years After Legal Action was Initiated
On March 28, 2024, the U.S. Department of Education—in coordination with the Cybersecurity and Infrastructure Security Agency (CISA)—held the kickoff meeting of the Education Facilities Subsector Government Coordinating Council (GCC), designed to facil… Continue reading K12 SIX Applauds Launch of K-12 Education Cybersecurity Council
On April 2, Arizona-based On Q Financial notified the Maine Attorney General’s Office of a breach the mortgage lender experienced. Within days, law firms announced investigations into the breach and sought potential class action members. Was ther… Continue reading On Q Financial announces data breach, law firm feeding frenzy follows
A quick note that the official draft of CIRCA is now published: A Proposed Rule by the Homeland Security Department on 04/04/2024 All information is linked from https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-fo… Continue reading Proporsed Rule: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements
A recent listing on LockBit’s leak site about Crinetics Pharmaceuticals seemed unusual. It included a disclaimer: “Those responsible for the exfiltration of data belonging to this victim have no association, indirect or direct, with the Loc… Continue reading Threat actors walked away from a $1.8 million offer because the victim talked to the media?!