In December, 2018, Citrix forced a password reset for some of its clients due to what appeared to be a credential stuffing attack against ShareFile. But did some customers first find out about it March? On April 16, external counsel for LD Evans, CPA provided notification that began; On March 4, 2019, LD Evans learned…
Category: Breach Incidents
Five months after disclosing a patient PHI breach involving employee email accounts, Metrocare discloses a second, identical, breach?
On April 5, Metrocare Services in Texas notified HHS that it was notifying 5,290 clients of a breach. A notice on their web site explains: On February 6, 2019, we learned an unauthorized third party gained access into some Metrocare employees’ email accounts beginning on January 2019. We immediately took steps to secure the accounts…
OH: Health Recovery Services notifying more than 20,000 patients after discovering unauthorized access that began in 2018
Health Recovery Services in Athens, Ohio, recently notified 20,485 patients after discovering in that an unauthorized IP address had accessed their network. The unauthorized access appears to have begun in November, 2018, and continued until the intrusion was discovered on February 5, 2019. Although investigation could not find any evidence that ePHI had been accessed,…
Thousands of identities, personal information published in FBI-related hack
Alex Johnson reports: A nonprofit organization affiliated with the FBI confirmed that hackers breached the web servers of multiple chapters and published the names and addresses of hundreds of law enforcement personnel and thousands of other people online. The hacked materials, which were released late last week and obtained Sunday by NBC News, include names,…
A clever way to increase awareness in the workplace
Seen on Twitter. This is brilliant :))) Apparently Shawn is the HR boss. pic.twitter.com/N45GxdtwOa — Mladen Prajdic (@MladenPrajdic) April 11, 2019 [The image shows a “Password Change Sign Up Sheet” where employees can list their current password and the one they’d like it changed to. After a few employees signed up publicly that way, there’s…
WA: RS Medical notifies patients because an attacker potentially had access to their information
On April 7, RS Medical disclosed an incident that had the potential to compromise patient information. A copy of the notification from the Vancouver, Washington entity, obtained by DataBreaches.net, indicates that the attacker may not have been particularly interested in patient information, though: The primary purpose of the breach, as determined by internal investigation, was…