Lawrence Abrams reports: Over 500 hundred thousand Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free. These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data…
Month: April 2020
Saint Francis Ministries Will Be Notifying Patients of Breach
Saint Francis Ministries issued a press release on Friday. It states, in relevant part: On December 19, 2019, Saint Francis became aware of suspicious activity relating to one of its employee’s email accounts. Saint Francis took steps to secure the email account and began working with outside computer forensics specialists to determine the nature and scope of the activity. On February…
Personal Touch and Crossroads Technologies sued after Maze Team attack
As reported by TopClassActions: A former patient says that home health provider Personal Touch failed to protect patients and customers from a ransomware attack on their computerized records. The hospital ransomware class action lawsuit was filed by plaintiff Lugenia Booker, who says that her personal information was included in the computer records of Personal Touch Holding…
New Wiper Malware impersonates security researchers as prank
Lawrence Abrams reports: A malware distributor has decided to play a nasty prank by locking victim’s computers before they can start Windows and then blaming the infection on two well-known and respected security researchers. […] When locked out, the PC will display a message stating that they were infected by Vitali Kremez and MalwareHunterTeam, who…
Less than two weeks after an Indiana hospital reported a phishing-related HIPAA breach, they had a second one
I was working today on adding details to spreadsheets that I use in calculating the gap between breach and discovery, and between discovery and notification. One of the incidents I was looking into today involved a report from Lafayette Regional Rehabilitation Hospital in Indiana. On November 25, they learned that in July, 2019 someone had…
A business associate’s response to a breach raises questions of timeliness
I know we’re in the middle of a pandemic, but an incident involving Avalon Health Care Management occurred before all that. And once again, I find myself scratching my head over the timeline in a notification and how Health & Human Services/Office for Civil Rights will view the timeline in terms of compliance with the…