Morris Hospital & Healthcare Centers (Morris Hospital) has issued a notification concerning a cybersecurity incident they discovered on April 4. The incident affects current and former patients of Morris Hospital and current and former employees and their dependents or beneficiaries. According to their explanation, their forensic investigation determined that “just prior to the incident,” data…
Author: Dissent
Insider-Wrongdoing in the Healthcare Sector
Michelle Del Guercio writes: On June 8, the Health Sector Cybersecurity Coordination Center (“HC3”) published Types of Cyber Threat Actors That Threaten Healthcare. In that publication, they identify five basic types of insider threats: careless or negligent workers malicious insiders inside agents disgruntled employees third parties In 2016, when Protenus and DataBreaches first began collaborating on…
Jefferson Health warns Cherry Hill hospital patients of potential data breach
John Paul Titlow reports: Some patients at Jefferson Cherry Hill Hospital are being advised to keep an eye on their credit reports due to a potential data breach. The hospital started notifying select patients this week that their private data may have been compromised after a backup hard drive went missing from a DEXA scan…
Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America
Blackberry’s Research and Intelligence Team writes: BlackBerry has discovered and documented new tools used by the Cuba ransomware threat group. Cuba ransomware is currently into the fourth year of its operation and shows no sign of slowing down. In the first half of 2023 alone, the operators behind Cuba ransomware were the perpetrators of several high-profile…
Compliance: National Credit Union Administration issues letter on cyber incident reporting notification requirements
CUNA reports: NCUA issued a Letter to Credit Unions (23-CU-07) on the cyber incident notification requirements that go into effect Sept. 1. Credit unions will be required to notify the NCUA no later than 72 hours after the credit union reasonably believes it has experienced a reportable cyber incident or has received a notification from…
ShopBack fined S$74,400 for data breach of over a million users
Zhao Yifan reports a follow-up to an incident previously noted on this site. Ecommerce Enablers, which operates the online shopping service platform ShopBack, was fined S$74,400 for its failure to safeguard users’ personal data. The data breach incident happened on Sep 9, 2020 when a malicious threat actor accessed Ecommerce Enablers’ storage server with a…