From the press release: United States Attorney Peter G. Strasser announced that KENDRA GRAVES, age 31, was charged on January 31, 2019 in a two-count bill of information with theft of government funds, in violation of Title 18, United States Code, Section 641 and identity theft in violation of Title 18, United States Code, Section…
Category: Breach Incidents
TN: Pellissippi State Community College reveals data breach potentially affecting 222 students
DT staff reports: More than 200 current and former students of Pellissippi State Community College could be in danger of identity theft because an unauthorized user had access to their personal information, the school revealed Monday. Pellissippi State said it had notified 222 people whose information might have be been compromised through an email account…
CT: Dr. DeLuca & Dr. Marciano Eye Associates notify almost 24,000 patients after ransomware attack
Another ransomware attack that could have been even worse, but the doctor’s office had backups and was able to restore from backup without paying the ransom demand — and their cyberinsurance policy helped pay for them notifying patients. The incident was reported to HHS by Dr. DeLuca & Dr. Marciano Eye Associates as affecting 23,578 patients. The…
FABEN Obstetrics and Gynecology notifies more than 6,000 patients after ransomware attack
On November 21, the FABEN OB/GYN practice in Florida got infected with GandCrab ransomware. They do not disclose how that happened, but the problem was detected quickly. To mitigate any damage or risk, FABEN decided to delete the infected files and restore files from backups. But they didn’t have backups of all files. Any files…
DHS: Emergency Directive 19-01
From the Department of Homeland Security: January 22, 2019 Mitigate DNS Infrastructure Tampering This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 19-01, “Mitigate DNS Infrastructure Tampering”. Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information…
Valley Hope Association notifies patients after employee email hack
Note: VHA’s notice on their web site emphasizes that no diagnostic or treatment information was exposed. Given the nature of this provider, that will be a relief to many patients. Because this incident is not yet posted on HHS’s public breach tool, we do not yet have the number being notified. The following is VHA’s…