Fewer health-care organizations are paying ransoms, but the average payment has soared. Eric Geller reports: Hospitals, clinics and other health-care organizations are facing a barrage of cyberattacks and struggling to provide normal services amid computer outages and loss of important files, according to newly published research by Proofpoint, an email security firm. Nearly 90% of…
Category: Health Data
OrthoAlaska notifies 176,203 patients of breach. When was the breach? (1)
On October 12, 2022 — almost a full year ago — OrthoAlaska discovered unauthorized activity on their systems. On March 3, 2023, they learned that information on former employees was stored in the system. On April 3, 2023, they notified those affected. And that’s where things remained until September 22, 2023, when OrthoAlaska notified HHS…
23andMe Cyberbreach Exposes DNA Data, Potential Family Ties
DarkReading reports: 23andMe, the popular DNA testing company, has launched an investigation after client information was listed for sale on a cybercrime forum this week. On Oct. 1, a post was published on the forum with a link to a sample of allegedly “20 million pieces of data” from the genetic testing company, claiming that it…
HC3: Monthly Cybersecurity Vulnerability Bulletin
October 05, 2023 TLP:CLEAR Report: 202310051200 September Vulnerabilities of Interest to the Health Sector In September 2023, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for September…
Blackbaud settles breach probe by states for nearly $50M
Steven Ardary reports: A South Carolina software company has agreed to a multi-million dollar settlement for a 2020 ransomware event that exposed the personal information of millions of consumers in the United States. South Carolina Attorney General Alan Wilson announced that Blackbaud would pay $49.5 million to states settling allegations that the company violated state…
MOVEit Data Breach Lawsuits Sent to Massachusetts Federal Court
Christopher Brown reports: More than 100 lawsuits arising from a cyberattack on Progress Software Corp.‘s MOVEit file transfer application will be consolidated in federal court in Massachusetts, the Judicial Panel on Multidistrict Litigation said. Centralization of the lawsuits in the US District Court for the District of Massachusetts will serve the convenience of the parties and…