On June 30, Mount Desert Island Hospital in Maine reported a breach to HHS that affected 24,180 patients. The hospital had previously disclosed the incident on June 5, when they posted a notice on their website that said that they had detected unusual activity on their network on May 4. An investigation determined that there…
Author: Dissent
TSMC confirms data breach after LockBit cyberattack on third-party supplier
Carly Page reports: Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest contract chipmaker, has confirmed it’s experienced a data breach after being listed as a victim by the LockBit ransomware gang. The Russia-linked LockBit ransomware gang listed TSMC on its dark web leak site on Thursday. The gang is threatening to publish data stolen from the company,…
Breach Victims Have Standing When Data Misused, 1st Circuit Says
Christopher Brown reports: A data-breach victim whose personal information was subject to actual misuse has standing to sue the entity that suffered the breach, a federal appeals court said. Plaintiff Alexsis Webb plausibly alleged an injury-in-fact sufficient to confer standing to sue Injured Workers Pharmacy Inc. based on her allegation that information stolen from the…
BlackCat continues attempting to extort healthcare entities
BlackCat has been busy and continues to attack the healthcare sector here and abroad. Visitors to their leak site this week saw listings for: Coachella Valley Collection Service, a service that provides debt collection services, including “medical, retail, commercial, judgment, and check debt collection.” BlackCat (aka AlphV) claims to have acquired 575 GB of data including…
Paying the ransom: Hospitals face hard choices in cyberattacks | Special Report
Ron Southwick has a thoughtful piece on the complexities of deciding whether or not to pay ransom if a healthcare entity is the victim of a cyberattack. As experts comment, while most experts and law enforcement prefer victims not pay ransom, sometimes entities decide they need to do it. But what are they paying it…
I had been chatting with a blackhat. They had been working with a whitehat. We were both dealing with the same person.
On April 18, DataBreaches reported that more details had emerged on the arrest of three men by Dutch police in January. The three were suspected of hacking and extorting victims in the Netherlands and elsewhere, obtaining and selling data online, and money laundering. A fourth person linked to the suspects known as “DataBox” had previously…