Breach Incidents – Page 9 – DataBreaches.Net

Anna Jaques Hospital notifies 316,300 people about 2023 ransomware attack

Posted on December 7, 2024 by Dissent

On Christmas, December 2023, Anna Jaques Hospital (AJH) in Massachusetts was grappling with a cyberattack that knocked out their EHR system and resulted in them having to divert ambulances to other area hospitals. On January 23, they posted a preliminary website notice (archived) about the attack. That notice was posted four days after threat actors…

Trump FBI Pick Kash Patel’s Emails Accessed By Iranian Hackers: Report

Posted on December 4, 2024 by Dissent Doe

David Gilmour reports: President-elect Donald Trump’s FBI director pick, Kash Patel, was informed by the agency he’ll soon lead that he’d been targeted by Iranian hackers, sources familiar with the situation revealed to CNN. Hackers reportedly accessed some of Patel’s communications, according to one source. Patel, a former chief of staff to the defense secretary during Trump’s first term, has…

Failure to terminate access can be costly. Very costly.

Posted on December 3, 2024 by Dissent

Earlier today, DataBreaches posted an HHS OCR announcement of a settlement with a HIPAA covered entity. A former contractor had accessed its electronic medical record system on three occasions without authorization to retrieve PHI for use in potential fraudulent Medicare claims. OCR imposed a monetary penalty of $1.19 million for the entity’s failure to: conduct…

Bolton Walk-In Clinic in Ontario: lock down your backup already!

Posted on December 3, 2024December 17, 2024 by Dissent

DataBreaches hates reporting on an incident when the entity has not yet secured misconfigured storage, but after four months of futile efforts to get a Canadian clinic to respond to responsible disclosures, maybe publication will help get them off the dime. Bolton Walk-In Clinic in Ontario has a data protection policy that says: We are…

Attorney General James and DFS Superintendent Harris Secure $11.3 Million from Auto Insurance Companies over Data Breaches

Posted on November 25, 2024 by Dissent

NEW YORK – New York Attorney General Letitia James and New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today secured $11.3 million in penalties from two auto insurance companies, the Government Employees Insurance Company (GEICO) and The Travelers Indemnity Company (Travelers), for having poor data security which led to the personal information…

Pacific Pulmonary Medical Group patient information dumped by Everest Ransomware Team

Posted on November 23, 2024November 23, 2024 by Dissent

The Pacific Pulmonary Medical Group (PPMG) in California has a significant data breach problem, but if you were to visit its website today, you’d have no clue that anything is amiss. On October 25, Everest Team added PPMG to its dark web leak site. The unencrypted personal and protected health information that they subsequently dumped…