Murray Macleod reports: A major cyber-attack on the University of the Highlands and Islands has still not been resolved — two months after it was first reported. Police investigations into the ransom demand — which was rejected and subsequently triggered a series of network problems — is continuing. The size of the demand is not being…
Author: Dissent
Orthopedic Associates of Dutchess County notifies more than 330,000 patients of breach
On March 5, Orthopedic Associates of Dutchess County in New York (“OADC”) became aware of suspicious activity involving its systems. Their investigation determined that an unauthorized actor gained access to certain OADC systems on or about March 1, 2021, encrypted files, and then claimed to have removed and/or viewed certain files. According to the notification…
A breach of patient information included limited data on 17,655 patients of Faxton St. Luke’s Healthcare.
WKTV reports that Faxton St. Luke’s Healthcare has disclosed that almost 18,000 of its patients were impacted by a breach at its business associate, CaptureRx. The breach occurred on February 6, and Faxton was notified on March 30. Investigation revealed that the types of ePHI included: First Name, Last Name, Date of Birth, Prescription Information,…
Exclusive: What Happened? A dispute between NightLion Security and Astoria Company Escalates
A DataBreaches.net exclusive: It is not uncommon for a firm to deny allegations that they have been breached. It is not uncommon for a firm to acknowledge that there has been a breach but claim that it is not as dramatic as a researcher might claim. And it is not uncommon for researchers to receive…
MN: RCTC students birthdates released in data breach
Erich Fisher reports that Rochester Community Technical College discovered it had twice made errors in responding to semi-annual public records requests from LexisNexis: A data breach at Rochester Community Technical College was identified and remedied on March 31 after it was discovered that a third-party company had received the birthdates of 5,392 students. No other…
Peloton’s leaky API let anyone grab rider’s private account data
Zack Whittaker reports: Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend’s list is deliberately zero, so nobody can view my profile, age, city, or workout history. But a bug allowed…