It’s the weekend, but breaches don’t take a break. Some breach or leak disclosures that I spotted in reading the news today: Ballad Health in Tennessee has disclosed a breach. As reported by WCYB, who also includes the full notice from Ballad, on or about January 13, Ballad detected unusual activity in an employee’s email…
Author: Dissent
HHS OCR Issues Annual HIPAA Reports to Congress
Chris Bennington of Epstein Becker Green writes, in part: The HITECH Act requires OCR to issue annual reports to Congress of HIPAA breaches and complaints received by OCR during the calendar year. For 2020, OCR reported that it received 656 notifications of breaches affecting 500 or more individuals, 66,509 notifications of breaches affecting fewer than…
Hackers use Conti’s leaked ransomware to attack Russian companies
Lawrence Abrams reports: A hacking group used the Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. […] However, the tables have now turned, with a hacking group known as NB65 now targeting Russian organizations with ransomware attacks. Read more at BleepingComputer.
Wellstar Health System discloses data breach
Ariel Hart reports: Wellstar Health System suffered a data breach through its email system, it reported Friday afternoon. Wellstar said it learned two months ago that someone unauthorized had gained access to two email accounts. Via those accounts, patients’ health care information was exposed, including patient laboratory information, Wellstar said in a written statement. “After…
Whitefish School District notifies 1,663 after employee fell for social engineering scam
Whitefish School District in Montana recently reported a data breach they discovered on March 11. An investigation discovered that an employee’s computer had been accessible to an attacker because the employee had fallen for a social engineering scam. As a result, a system containing personal information was open and accessible to the attacker. That system…
Lapsus$, Okta and the Health Sector
A whitepaper from the HHS Cybersecurity Program. April 7, 2022 Available online at https://www.hhs.gov/sites/default/files/lapsus-okta-health-sector-tlpwhite.pdf (26 pp, pdf)