March 5. The U.S. Department of Health and Human Services (HHS) is aware that Change Healthcare – a unit of UnitedHealth Group (UHG) – was impacted by a cybersecurity incident in late February. HHS recognizes the impact this attack has had on health care operations across the country. HHS’ first priority is to help coordinate…
Author: Dissent
Update: Robert A. Purbeck, aka “Lifelock, to plead guilty in Atlanta
In 2018, a criminal hacker known as “Lifelock” reached out to DataBreaches to share details about two healthcare entities that had not met his ransom demands. These entities were a dental practice in Menlo Park, California, and the Holland Eye Surgery & Laser Center in Michigan. The latter case drew more attention from DataBreaches due…
Fraudster’s fake data breach claims should remind media to be careful what we report
Over the past few weeks, DataBreaches had occasionally checked a dark web leak site by an individual or group called “Mogilevich.” However, DataBreaches didn’t report on any of their claimed victims because the site and the claims seemed sketchy and there was no confirmation. DataBreaches will not name and shame those sites or outlets that…
Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1)
Developing: Someone claiming to be an “affiliate plus” for AlphV claims they were responsible for the Change Healthcare attack but that AlphV stole the payment Change Healthcare had made and suspended the affiliate’s account. The affiliate’s claims appeared on Ramp Forum and have been circulating since then. The post can be seen below, via @vx-underground:…
Three recent breach disclosures remind us how seldom timely breach notification is enforced under HITECH
Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A breach involving the Washington state radiology service was added to Karakurt’s leak site in November 2023 with a listing claiming — without proof — that they had acquired 9.31 GB of files with financial…
EPIC Emphasizes That FCC Pilot Program Protect Student Privacy, Not Just School Cybersecurity
From the good folks at EPIC.org: On February 27, EPIC filed reply comments with the Federal Communications Commission supporting the FCC’s proposal to use funds from its E-Rate program to support strengthening cybersecurity at schools and libraries, as these are increasingly attractive targets to hackers. The E-Rate program uses discounted pricing to facilitate schools and libraries providing…