So this is not a W-2 phishing situation, but TALX – a wholly-owned subsidiary of Equifax – is working with Entergy to notify former and current Entergy employees whose 2016 W-2 data may have been acquired by criminals from the TALX portal. In a letter to the New Hampshire Attorney General’s Office, counsel for TALX…
Category: Breach Incidents
Lawsuit against Rensselaer County partially revived on medical privacy issue
There’s an update to an insider-wrongdoing lawsuit that I first noted back in September, 2013, after some employees at Rensselaer County Jail filed suit against their employer for snooping in their medical records. As I’ve reported in the past, the breaches occurred against a backdrop where the county jail uses Samaritan Hospital to provide services…
Tennessee hospital notifies 24,000 patients after EMR system attacked with cryptocurrency mining software
In what may be the first report I’ve seen of a hospital having their EMR server hit with cryptocurrency mining software, Decatur County General Hospital in Parsons, Tennessee started notifying 24,000 patients on January 26. A substitute notice on their web site explains: On November 27, 2017, we received a security incident report from our EMR…
TN: Smith Dental notifies HHS of ransomware attack affecting 1,500
On January 22, Robert Smith, DMD, PC in Tennessee reported a breach to HHS. The report indicated that 1,500 patients were impacted by a hacking/IT incident involving their network. A Google search indicated that the practice was likely to be “Smith Dental” in Tennessee. But I could find no press release or statement on their…
RBS releases its year-end roundup and breach analysis
There’s nothing like some dramatic numbers to get attention to data breaches. Risk Based Security, Inc. has released their 2017 statistics, and yes, some of the numbers are dramatic. Here are just two snippets from their blog post about the report: There were 5,207 breaches recorded last year, surpassing 2015’s previous high mark by nearly…
Hack The Box discloses email gaffe
Nowadays, you are more likely to first learn of breaches on Twitter than from the entity’s site or email, as this thread today from Hack The Box demonstrates: Dear users – we apologise unreservedly for the recent disclosure of email addresses. A statement will follow shortly regarding the cause, impact, and preventative measures that we’ll…