A cyber-attack on the servers of the city of Bourg-Saint-Maurice took place this past weekend. Servers currently affected are those of tourism, Haute Tarentaise, and Séez. Le Dauphiné reports that the cybersecurity firm assisting with the investigation and recovery has found no theft of personal data (at least so far), but everything is encrypted. Although…
Category: Breach Incidents
Cancer patients in the State of Washington had their sensitive records hacked and dumped. Have they been notified?
On February 15, yours truly created an entry in the worksheet I maintain for tabulating U.S. incidents involving health data or protected health information. The entry listed “Capital Medical Center” in Washington as the breached entity, the date of disclosure as February 15, 2021, and the type of incident as a claimed ransomware attack by Avaddon…
CZ: Three weeks after ransomware attack, Olomouc continues to recover while still being threatened by threat actors
On April 9, DataBreaches.net noted a report that the municipality f Olomouc had suffered a cyber attack on April 7. There were almost no details other than the municipality estimated it might take two weeks to fully restore services. Since then, a few more details have emerged. We now know that it was the Avaddon…
Milan, the pharmaceutical company Mipharm SPA victim of a hacker attack
Marco A. De Felice reports: The group of cybercriminals Sodinokibi (REvil) has published some screenshots of the data stolen during the cyber attack on the servers of the Milanese pharmaceutical company. Read more on SuspectFile. Mipharm.it is just one of two pharmacological research firms noted on threat actors’ sites recently. Avaddon threat actors claim to…
Es: A cyber attack affected the city council of Xixona
The municipality of Jijona/Xixona in Spain has issued a notice about a cyberattack, but there are not many details. The notice on their web site, posted on April 23, says that the attack has seriously crippled city services (translated): The technicians are trying to reset the computer system and we hope we can fix it…
Will Beacon Health Solutions’ incident prompt OCR to start enforcing notification “without undue delay?”
The following is a DataBreaches.net commentary. Beacon Health Solutions issued a press release yesterday about a breach they experienced last year as a business associate. Their press release provides a useful example of why OCR needs to get serious about enforcing the requirement that entities notify patients within 60 days of “discovery.” “Discovery” does not…