On November 7, West Oaks Eyecare in Texas discovered one of their computer systems had been encrypted by malware. Their investigation into the incident indicated that the threat actor(s) may have accessed patient billing information: We thoroughly reviewed the files involved to determine what information they contained. Based on our review, we identified files that…
Category: U.S.
Maryland State Trooper leaked information to drug distributor, affidavit alleges
Troy Pope reports: A Maryland State Trooper was arrested after investigators say he tipped off a drug distributor, taking money for the information. The trooper has been identified as Justin Riggs, a 10-year veteran of the Maryland State Troopers. Read more at WUSA9, keeping in mind that people are innocent until proven guilty.
Captify’s Your Patient Advisor advises more than 244,000 consumers of payment card breach
Your Patient Advisor by Captify started notifying people in mid-December of a security breach that occurred in 2019 and continued for years. Captify Health (“Your Patient Advisor”) is an online retailer of colonoscopy preparation kits. In March of 2021, they were contacted about the fraudulent use of consumer credit cards potentially related to their payment…
Identity Thieves Bypassed Experian Security to View Credit Reports
Brian Krebs reports: Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s…
Des Moines Public Schools cancels Tuesday classes after cybersecurity attack
Samantha Hernandez reports: Des Moines Public Schools has canceled all classes for Tuesday after officials took the district’s internet and network offline Monday morning following what they described as “unusual activity” that was later determined to be an apparent cybersecurity attack. The district issued an announcement Monday afternoon saying offices will be open but staff may be…
When ransom negotiations become public, self-inflicted reputation harm may follow
Not all ransomware victims have given up on getting attackers to sign a nondisclosure agreement (NDA), so they can call a ransom payment a “bug bounty” and never disclose that they were the victim of a ransomware incident. At least, that’s how it seems, unless, of course, CyberOptics is going to claim that they were…