ABC reports: Thousands of South Australian public health patients are being contacted over a data breach of a third-party run portal. The state government said “unintentional human error” by patient portal Personify Care allowed an “unauthorised third party” to delete a folder used to store patient documents uploaded to an online platform. Department of Health…
Month: October 2023
Six months after data security incident, Fredericksburg Foot & Ankle Center notifies patients (1)
On October 24, the Fredericksburg Foot & Ankle Center (FFAC) in Virginia began mailing breach notification letters to almost 15,000 patients affected by a cyberattack. The letter’s “What Happened?” section simply stated, “As a result of a recent data security incident, an unauthorized person accessed our computer systems.” It did not mention ransomware or any…
Inadequate security measures: the Guarantor sanctions an ASL. The healthcare facility had suffered a ransomware attack
The following is a Google machine translation of a post by Italy’s data protection regulator. It strikes me yet again how entities covered by the GDPR get fined for poor or inadequate security practices that should — but generally do not — incur monetary penalties here: Sanction by the Privacy Guarantor of 30,000 euros to a…
Hackers escalate: leak 200k CCSD students’ data; claim to still have access to CCSD email system
Clark County School District (CCSD) in Nevada informed parents and employees that they became aware of a “cybersecurity incident” on October 5. Three weeks later, the district had not fully recovered from the attack and parents were complaining about the district’s lack of transparency about what was stolen in the breach. Disturbingly, while the district…
MO: ‘Cyber attack’ hits Reeds Spring schools. Data breach includes Social Security numbers
Claudette Riley reports: The Reeds Spring school district has notified employees and families that it was the “victim of a sophisticated cyber attack” that involved the unauthorized access — and acquisition — of district and personal data. They were told that names, dates of birth, Social Security numbers, health insurance information and even class lists may have…
France says Russian state hackers breached numerous critical networks
Bill Toulas reports: The Russian APT28 hacking group (aka ‘Strontium’ or ‘Fancy Bear’) has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021. The threat group, which is considered part of Russia’s military intelligence service GRU, was recently linked to the exploitation of CVE-2023-38831, a remote…