On August 4, Practice Resources, LLC notified the California Attorney General’s Office that it had been the victim of a ransomware attack on April 12. They also notified HHS that 942,138 patients were affected by the breach (see below). The New York firm is a business associate that provides a variety of health management services,…
Author: Dissent
Atlantic Dialysis Management Services notifies patients of data security incident
On August 5, Atlantic Dialysis Management Services (ADMS) in New York issued a press release that no longer appears to be available on any of the sites that published it — with one exception. ADMS also posted a security incident notice on its website. Their website notice reads, in part: On June 9, 2022, Atlantic…
Florida Orthopaedic Institute settles lawsuit after 2020 ransomware incident
Top Class Actions reports that Florida Orthopaedic Institute, ooerated by the Musculoskeletal Institute, has agreed to pay $4 million to settle claims stemming from a 2020 ransomware attack. The incident was first disclosed in June 2020, and then reported to HHS on July 1 as affecting 640,000 patients. There is no notation in HHS’s public…
Digital Ocean dumps Mailchimp after attack leaked customer email addresses
Simon Sharwood reports: Junior cloud Digital Ocean has revealed that some of its clients’ email addresses were exposed to attackers, thanks to an attack on email marketing service Mailchimp. This story starts last week when some of the blockheads in crypto-land noticed that email marketing service Mailchimp had suspended service for some of their fellow…
U.K.: South Staffordshire Water says it was target of cyber attack as criminals bungle extortion attempt
It is not unheard of for ransomware groups to publicly misidentify their victims. We saw such errors from the outset of groups publicly naming and shaming victims and leaking data. DataBreaches reported on a few such cases involving Maze and has reported on other misidentifications in other groups since then. DataBreaches has occasionally contacted threat…
Signal says third-party data breach exposed 1,900 phone numbers
J. Fingas reports: Signal’s reputation for secure messaging doesn’t make it completely invulnerable to hacking incidents. The company has confirmed that a data breach at verification partner Twillio exposed the phone numbers and SMS codes of roughly 1,900 users. As TechCrunch observed, the intruder could have either used the information to either identify Signal users or re-register their numbers to other…