Following up on the FTC’s February 1 announcement about its enforcement action against GoodRx, the Department of Justice announced yesterday: The Department of Justice, together with the Federal Trade Commission (FTC), announced today that the government has resolved allegations that GoodRx Holdings Inc., doing business as GoodRx Gold, GoodRx Care, and Hey Doctor (GoodRx), violated…
Category: Breach Incidents
Lessons From a Ransomware Attack: The Importance of Partnership & Collaboration
The following is a guest article by John Gaede, Director of Information Systems at Sky Lakes Medical Center that appeared on Healthcare IT Today. Imagine a rural business is the victim of a cyberattack. A nefarious person or group convinces an unsuspecting employee to open an email promising a bonus. Within 12 hours, every piece of technology…
Rehoboth McKinley Christian Health Care Services settles data breach litigation for undisclosed amount
Rehoboth Mckinley Christian Health Care Services (“RMCHCS”) in New Mexico has reportedly settled litigation stemming from a ransomware attack that DataBreaches first reported in February 2021. Although Conti ransomware threat actors had added the health care service to their leak site and leaked some patients’ protected health information as proof of claims, there was nothing…
UK: Rail minister’s laptop with confidential details of strike talks is stolen from pub
Amy Gibbons reports: A laptop belonging to the rail minister holding confidential information about strike negotiations was stolen from a London pub, the day after the biggest strikes in more than a decade. Police launched an investigation into the theft of Huw Merriman’s laptop on Feb 2. The investigation has since been dropped. […] A government spokesman…
Protenus releases its 2023 Breach Barometer for Health Data Breaches
Protenus LLC has released its seventh annual Breach Barometer report. Unlike other analyses that seem to rely solely on reports to the U.S. Department of Health and Human Services, the Breach Barometer uses a broader lens and includes reports from non-HIPAA entities that involved medical data or health insurance information on employees or patients. There…
MN: KFI Engineers pays $300k ransom, Black Basta ransomware group thanks…
Marco A. De Felice (@amvinfe) managed to shoulder-surf ransom negotiations between Black Basta and KFI Engineers (“KFI”) in Minnesota. He reports that the victims wound up paying $300,000.00, half of what the attackers initially demanded. KFI counts schools and hospitals among its clients, but as an engineering firm, one would not expect them to have…