In what may be the largest health data breach reported so far in 2023, a government contractor affected by the MOVEit breach disclosed the breach in an SEC filing. ANS reports: Maximus, a US government services contracting company, has confirmed that hackers exploited a vulnerability in MOVEit Transfer to access the protected health information of…
Category: U.S.
Crooks pwned your servers? You’ve got four days to tell us, SEC tells public companies
Jessica Lyons Hardcastle reports: Public companies that suffer a computer crime likely to cause a “material” hit to an investor will soon face a four-day time limit to disclose the incident, according to rules approved today by the US Securities and Exchange Commission. The SEC proposed the changes last March, and on Wednesday the financial watchdog voted…
Deloitte denies Cl0p data breach claims in wake of MOVEit attack
Ross Kelly reports: Deloitte has refuted claims that the Cl0p ransomware gang has breached its systems and stolen company data amid speculation online. The accountancy firm was cited as a victim on Cl0p’s breach disclosure blog, sparking concerns that clients at the consultancy could be at risk. In its disclosure, Cl0p claimed “the company doesn’t…
Rush Health Must Face Suit Over Health-Info Sharing With Google
Christopher Brown reports: Rush System for Health must defend a proposed class action alleging it shared health information of patients using its patient portal with Google Inc. and other third parties, in breach of its contract with patients and in violation of the Illinois Eavesdropping Act. Marguerite Kurowski successfully stated a claim for breach of contract regarding…
In SEC Battle, Covington Ordered to Disclose Names of 7 Clients
Abigail Adcox reports: U.S. District Judge Amit Mehta of the District of Columbia has ruled that Covington & Burling must disclose to the U.S. Securities and Exchange Commission the names of seven clients whose information may have been exposed in a 2020 cyberattack that impacted the firm. “Covington shall produce to the Commission the names…
Law Firm Hack Affects Victims of an Earlier Breach Again
Marianne Kolbasuk McGee reports: A global law firm is notifying nearly 153,000 individuals of a hacking incident that compromised several client files. The files contained sensitive personal information and affects vision care patients who had been victims of a breach three years ago. Orrick, Herrington & Sutcliffe on July 20 reported the data breach to…