DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Failure to terminate access can be costly. Very costly.

Posted on December 3, 2024 by Dissent

Earlier today, DataBreaches posted an HHS OCR announcement of a settlement with a HIPAA covered entity. A former contractor had accessed its electronic medical record system on three occasions without authorization to retrieve PHI for use in potential fraudulent Medicare claims. OCR imposed a monetary penalty of $1.19 million for the entity’s failure to:

  • conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to ePHI in its systems;
  • implement procedures to regularly review records of activity in information systems;
  • implement procedures to terminate former workforce members’ access to ePHI; and
  • implement procedures for establishing and modifying workforce members’ access to information systems.

That’s a costly failure to terminate access.

A Second Example

The following is a second recently disclosed example of  how failure to ensure termination of access contributed to a massive data breach. DataBreaches spotted this one in a court filing from Canada concerning Connor Riley Moucka, aka “Judische,” “Waifu,” and other monikers. The victims mentioned in the court filings refer to entities who suffered intrusions of their Snowflake instance.

On May 29, 2024, representatives from Victim-3 met with the FBI and confirmed that three categories of its information had been stolen from its cloud instance, including customer information for approximately 20 million customers, gift card information, and internal company business documents.

… Victim-3 hired an incident response company to investigate the breach and confirmed its instance had been compromised using stolen login credentials belonging to a former contractor located outside the United States. According to the incident response firm’s investigation, this former contractor’s credential was likely compromised via a credential stealer in approximately 2021 and available in cybercriminal marketplaces as early as May 2021. Stolen credentials are generally available for free and for purchase on the dark web.

Was the contractor still working for the firm in 2021 after their credentials were stolen? When did the contractor terminate employment? How often does this major retailer require all employees and contractors to reset their passwords? Does this retailer require 2FA? What procedures did this retailer have in place to terminate access for employees?

And why, oh why, did those credentials still work three years later in 2024?

How much will their failure to ensure termination of the former contractor’s access ultimately cost this retailer?


Related:

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Two more entities have folded after ransomware attacks
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Missouri Adopts New Data Breach Notice Law
Category: Breach IncidentsBusiness SectorInsiderSubcontractorU.S.

Post navigation

← FBI, CISA say Chinese hackers are still lurking in US telecom systems
Unprecedented increase in liability for personal data leaks in the Russian Federation to take effect in May 2025 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.