KYMA reports: Yuma Regional Medical Center (YRMC) said it mailed letters to thousands of patients whose information may have been involved in a recent cybersecurity incident. On April 25, 2022, YRMC identified a ransomware incident affecting some internal systems. Upon detecting the incident, YRMC shared with News 11 it took immediate action, taking systems offline,…
Category: U.S.
WA: MCG Health notifies patients and health plan members of data breach (updated)
Seattle-based MCG Health, LLC (“MCG”) provides patient care guidelines to providers and health care plans. According to a notice on their website that was also issued as a press release yesterday, on March 25, 2022, they determined that an unauthorized party had previously obtained personal information about some patients and members of certain MCG customers….
Personal and sensitive files from Tehama County Social Services leaked on dark web. Have the victims been notified?
On their dark web blog, Quantum threat actors claim to have acquired 32 GB of files from Tehama County Social Services in California. Quantum describes the files as involving information of county clients and employees: Financial information, budgets, fiscal docs, contracts, HR data, resumes, payrolls, clients personal data, scans ID, scans SSN, personal info, scans…
Vermont Enacts Insurance Data Security Law
Hunton Andrews Kurth writes: On May 27, 2022, Vermont Governor Phil Scott signed H.515, making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). The Vermont Insurance Data Security Law applies to “licensees”—those licensed, authorized to operate or registered, and those required to be…
District 207 Approves Cybersecurity Contract In Wake Of Attempted Breach
Igor Studenkov reports: Maine Township High School Dist. 207 Board of Education voted unanimously on Monday (June 6) to award a one-year cybersecurity contract to the company that helped the district prevent a security breach a few weeks earlier. The district considered bids from seven vendors. When one of the bidders, Texas-based Crowdstrike, was demonstrating…
Goodman Campbell Brain and Spine alerts patients to ransomware attack while continuing to provide care
Yesterday, Hive threat actors added Goodman Campbell Brain and Spine to their leak site, with a notice that they had encrypted the entity on May 20. They also provided some files as proof. But if Hive hoped this would pressure the multi-location medical entity, they seem to have misjudged their Indiana-based victim. On the homepage…