In September, Britton White and PogoWasRight.org teamed up to produce an explainer and caution about infostealers that was oriented to the public. Our article, Redline: Storing Passwords in your Browser Can Ruin Your Life (But Will Make Criminals VERY Happy!) included cautions about employees who work from home and who might have their login credentials…
Category: Breach Incidents
As people headed out for the holiday weekend, breaches of protected health information were being disclosed. (2)
Update: The MCNA (Managed Care of North America) incident was reported to the Maine Attorney General’s Office as affecting a total of 8,923,662 people. Update 2, May 29: This incident was claimed by LockBit in March and data were leaked in April, but the data dump URLs were not working as of last check yesterday….
Two ransomware groups claimed to have attacked Albany ENT & Allergy Services and leaked data, but AENT doesn’t mention that at all in their notification?
On April 28, DataBreaches reported that two different ransomware groups claimed to have attacked Albany ENT & Allergy Services, P.C. in Albany, New York. This week, Albany ENT & Allergy Services notified regulators and 224,486 affected employees and patients about a breach. Their notification is stunning, however, for its lack of certain details. In their…
Tennessee Orthopaedic Clinics notifies HHS of breach; has yet to notify patients
An undated message on the Tennessee Orthopaedic Clinics website states that TOC recently responded to a security incident. They don’t say when they discovered it, but their investigation determined “that an unauthorized party accessed some of our systems between March 20, 2023, and March 24, 2023, and may have accessed or acquired certain files.” The…
The Vascular Center of Intervention breach — what their notification says and what it didn’t say
On May 24, the Vascular Center of Intervention (VCI) in California submitted a breach notification to California and posted a substitute notice on VCI’s website. The notification, signed by Dr. James Lee, states that on March 29, VCI became aware of unusual activity on its network. An investigation revealed that some patient-related files had been…
Norton Healthcare didn’t call it a ransomware attack. Then BlackCat claimed responsibility for it.
On May 20, DataBreaches reported that Norton Healthcare in Kentucky and Indiana had disclosed what sounded like a ransomware incident that they discovered on May 9, but they never called it a ransomware incident, even though they stated that they had received faxed threats and demands. Today, AlphV (BlackCat) claimed responsibility for the attack and…