In July 2021, Chelan Douglas Health District in Washington experienced a data breach. They disclosed the breach to the public in March 2022, surprisingly patting themselves on the back for completing their investigation in 6-7 months. A number of media reports indicate that the breach reportedly affected almost 109,000 patients, but the breach was reported…
Category: Breach Incidents
How many similar breaches can one entity have in one year before regulators do something?
How many data breaches can an entity have before either some regulator steps in with a corrective action plan or something happens to reduce the likelihood of more breaches? Consider the following: Breach # 1 On February 22, 2022, Minuteman Senior Services (MSS) identified suspicious activity related to an employee’s email account. According to the notification…
US Healthcare at risk: Strengthening resiliency against ransomware attacks
Microsoft writes: The healthcare sector faces a rapidly increasing range of cybersecurity threats, with ransomware attacks emerging as one of the most significant. A combination of valuable patient data, interconnected medical devices, and small IT/cybersecurity operations staff, which spreads resources thin, can make healthcare organizations prime targets for threat actors. As healthcare operations become increasingly digitized—ranging…
Cardiology of Virginia patient data appears to be up for sale. Has the entity issued any statement at all?
On September 7, RansomHub added Cardiology of Virginia to its dark web leak site, claiming that about 1 TB of files had been acquired. DataBreaches assumes no payment agreement was struck as RansomHub subsequently leaked data, complete with a filelisting, youtube video, and other files. “For bulk archive and confidential data analyzes trough our own…
Birth Choice of San Marcos to notify patients of breach at National Diagnostic Imaging
On March 16, 2024, National Diagnostic Imaging (NDI) experienced a network disruption. Their investigation subsequently revealed that they had been the victim of unauthorized access between February 19, 2024, and March 27, 2024. According to a letter from one of their clients, they notified Birth Choice of San Marcos on August 19 of the scope…
Developing: Brazilian hacker known as “USDoD” arrested by federal police
TV Globo reports (machine translation) that a 33-year-old Brazilian hacker suspected of invading the systems of the Brazilian federal police and other international institutions has been arrested. The hacker, known as “USDoD” was arrested this morning in Belo Horizonte (MG), less than two months after he was doxed by Crowdstrike. The public doxing of him…