DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Failure to terminate access can be costly. Very costly.

Posted on December 3, 2024 by Dissent

Earlier today, DataBreaches posted an HHS OCR announcement of a settlement with a HIPAA covered entity. A former contractor had accessed its electronic medical record system on three occasions without authorization to retrieve PHI for use in potential fraudulent Medicare claims. OCR imposed a monetary penalty of $1.19 million for the entity’s failure to:

  • conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to ePHI in its systems;
  • implement procedures to regularly review records of activity in information systems;
  • implement procedures to terminate former workforce members’ access to ePHI; and
  • implement procedures for establishing and modifying workforce members’ access to information systems.

That’s a costly failure to terminate access.

A Second Example

The following is a second recently disclosed example of  how failure to ensure termination of access contributed to a massive data breach. DataBreaches spotted this one in a court filing from Canada concerning Connor Riley Moucka, aka “Judische,” “Waifu,” and other monikers. The victims mentioned in the court filings refer to entities who suffered intrusions of their Snowflake instance.

On May 29, 2024, representatives from Victim-3 met with the FBI and confirmed that three categories of its information had been stolen from its cloud instance, including customer information for approximately 20 million customers, gift card information, and internal company business documents.

… Victim-3 hired an incident response company to investigate the breach and confirmed its instance had been compromised using stolen login credentials belonging to a former contractor located outside the United States. According to the incident response firm’s investigation, this former contractor’s credential was likely compromised via a credential stealer in approximately 2021 and available in cybercriminal marketplaces as early as May 2021. Stolen credentials are generally available for free and for purchase on the dark web.

Was the contractor still working for the firm in 2021 after their credentials were stolen? When did the contractor terminate employment? How often does this major retailer require all employees and contractors to reset their passwords? Does this retailer require 2FA? What procedures did this retailer have in place to terminate access for employees?

And why, oh why, did those credentials still work three years later in 2024?

How much will their failure to ensure termination of the former contractor’s access ultimately cost this retailer?


Related:

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Two more entities have folded after ransomware attacks
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Missouri Adopts New Data Breach Notice Law
Category: Breach IncidentsBusiness SectorInsiderSubcontractorU.S.

Post navigation

← FBI, CISA say Chinese hackers are still lurking in US telecom systems
Unprecedented increase in liability for personal data leaks in the Russian Federation to take effect in May 2025 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Clorox Files $380M Suit Alleging Cognizant Gave Hackers Passwords in Catastrophic 2023 Cyberattack
  • Cyberattacks Paralyze Major Russian Restaurant Chains
  • France Travail: At least 340,000 job seekers victims of new hack
  • Legal Silence and Chilling Effects: Injunctions Against the Press in Cybersecurity
  • #StopRansomware: Interlock
  • Suspected XSS Forum Admin Arrested in Ukraine
  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.