HIPAA requires that covered entities notify HHS and affected patients of a reportable breach within 60 calendar days of discovery of a breach. Exceptions are made if law enforcement asks an entity to delay notification so as not to interfere with an investigation, but such requests are infrequent. So why are we first finding out…
Category: Breach Incidents
Update: NCB Management Services breach affected more than 1 million, but how many more? (1)
On April 11, DataBreaches reported that a breach involving NCB Management had affected 494,969 Bank of America customers with past-due credit card accounts. At first glance, it appeared that the Pennsylvania collections firm had reported the breach to the Maine Attorney General’s Office, but closer attention revealed that it was Bank of America’s external counsel…
Bits ‘n Pieces (Trozos y Piezas)
CO: SECOP II platform affected by “presumed hacking” The SECOP II platform is a transactional platform with accounts for state entities and contractors used for submitting, evaluating, and awarding contracts. On May 3, La Agencia Nacional de Contratación Pública – Colombia Compra Eficiente reported a cyberattack on its SECOP II platform. The attack was announced…
Peachtree Orthopedics alerts patients to cyberattack; third patient data breach in seven years
An Atlanta clinic alerts patients to at least its third incident involving patient data in seven years. Karakurt threat actors recently added Peachtree Orthopedics in Atlanta (Peachtree Orthopaedic Clinic, P.A.) to their leak site. As often seems to be the case with Karakurt listings, the date on Karakurt’s post is somewhat confusing, and they make…
Justice Department Announces Five Cases as Part of Recently Launched Disruptive Technology Strike Force
Cases Mark Strike Force’s First Enforcement Actions Since Established WASHINGTON – The Justice Department today announced criminal charges in five cases and four arrests from five different U.S. Attorney’s offices in connection with the recently launched multi-agency Disruptive Technology Strike Force. The Disruptive Technology Strike Force is co-led by the Departments of Justice and Commerce…
Only months after dealing with one problem, Academy Mortgage gets hit with a ransomware attack
Months after agreeing to pay $38.5 million to settle federal charges it violated the False Claims Act by improperly originating and underwriting mortgages insured by the Federal Housing Administration, Utah-headquartered Academy Mortgage now finds itself in the also-unenviable position of having its sensitive files dumped on the dark web by the AlphV (BlackCat) ransomware group….