Marco A. De Felice (@amvinfe) managed to shoulder-surf ransom negotiations between Black Basta and KFI Engineers (“KFI”) in Minnesota. He reports that the victims wound up paying $300,000.00, half of what the attackers initially demanded. KFI counts schools and hospitals among its clients, but as an engineering firm, one would not expect them to have…
Category: Breach Incidents
Ca: Sobeys admits to data breach in fall 2022, alerts customers and employees
Hafsa Arif provides an update on the ransomware attack on Sobeys, a Canadian supermarket chain, by Black Basta last year: The Maritime-based Empire Co. – parent company of Sobeys – acknowledges customers and employees past and present are receiving letters saying their personal information may have been compromised. Read more at CTV.
Aviacode remains silent after 0mega dumps 200 GB of their files
On January 9, DataBreaches noticed that Aviacode had been added to the leak site for 0mega. Aviacode, which is part of GeBBS Healthcare Solutions, offers medical coding services, medical coding audits, coding denial management, clinical documentation improvement, and revenue cycle management for billings and claims. As such, it is often a business associate for HIPAA-covered…
Mscripts notifies 66,372 patients whose prescription information was in unsecured cloud storage for two years
“Thousands of pharmacies & millions of people use mscripts,” the mscripts website claims. “We provide a digital communication platform to help patients stay on track with their healthcare by delivering targeted messages through a mobile and web platform tied directly to the pharmacy dispensing system,” the California firm explains. mscripts is Cardinal Health’s mobile pharmacy…
Edgepark Medical Supplies notifies patients of Rise Interactive Media & Analytics data breach
RGH Enterprises, Inc. d/b/a Edgepark Medical Supplies (“Edgepark”) is an Ohio medical supplies provider that ships products directly to patients and bills their insurance for them. Rise Interactive Media & Analytics, LLC (“Rise”) is an Illinois firm that provides digital marketing services for Edgepark as a business associate. They also provide analytics and other services…
Reventics notifying patients of ransomware incident
Reventics LLC is a business associate in Colorado offering revenue cycle management, clinical documentation, and quality improvement services. On or about December 15, 2022, Reventics detected some anomalies in its systems and discovered an intrusion and encryption of its files. Some of those files contained protected health information (PHI) of patients. On December 27, an…