What we know so far: On or about April 24, 2022, SFERRA became aware of suspicious activity on its computer servers. The investigation found that certain files may have been subject to unauthorized access between April 14, 2022, and April 24, 2022. The impacted information varied by individual but may include name, address, date of birth,…
Category: U.S.
Humana, Cotiviti settle class action affecting 65,000 members
There’s an update to a breach reported on DataBreaches that involved both a business associate (Cotiviti) and insider wrong-doing by an employee of a subcontractor of the business associate (Visionary). Humana and Cotiviti agreed to a class action settlement to resolve claims they jeopardized consumer data in a 2020 data breach. The settlement benefits consumers…
TX: Methodist McKinny Hospital beat Karakurt to the punch by revealing attack quickly
Yesterday, Karakurt threat actors added the Methodist McKinny Hospital in Texas to their dark web leak site. They listed the hospital as a “pre-release,” which is their way of putting pressure on a victim — or trying to put pressure on a victim — to pay so their data is not leaked or auctioned off….
GA: Hacker disrupts systems at Forsyth County medical office
On July 25, Forsyth County deputies responded to reports that the computer system of a medical office had been hacked. According to a report, a practice representative told deputies they had been alerted by community partners that suspicious emails were being sent out through the practices email system. Read more at Appenmedia.com The news report…
US regulator urges MFA and puts banks on notice – not reasonably protecting data is illegal
Jim Nash reports: A U.S. consumer finance regulator has published a circular warning that insufficient security for consumer biometric and other personal data is illegal under federal law. Multi-factor authentication is singled out as a method of making data security sufficient. Anyone reading that who still thinks it will never happen to them is invited…
NY: Practice Resources, LLC notifies 942,138 patients after ransomware attack
On August 4, Practice Resources, LLC notified the California Attorney General’s Office that it had been the victim of a ransomware attack on April 12. They also notified HHS that 942,138 patients were affected by the breach (see below). The New York firm is a business associate that provides a variety of health management services,…