DataBreaches.net has found two behavioral health entities that reportedly or allegedly experienced recent cyberattacks involving protected health information of patients. The first, Behavioral Health Partners of Metrowest (BHPMW), describes itself as a partnership that brings together leading social services and behavioral health agencies serving the Greater MetroWest region of Massachusetts. Together, they write, Family Continuity,…
Category: U.S.
Christus Health ransomware incident involved theft of sensitive patient and employee data
First, the good news (such as it is): a ransomware attack on Christus Health by Avos Locker has not impacted patient care. Now, the bad news: the threat actors acquired — and have already leaked — a lot of sensitive information on patients and employees. On May 11, Avos Locker added Christus Health to their…
Former top Republican lawmaker in Colorado received leak of voting data
Alexandra Ulmer reports: A former Republican minority leader of the Colorado legislature is among the recipients of a trove of sensitive voting data leaked by a county official working with activists seeking to prove President Donald Trump’s false stolen-election claims, according to court records reviewed by Reuters. The revelation indicates the breach of ballot data…
How criminals got away with hacking Pennsylvania unemployment accounts
Angie Moreschi reports: Paula Soffa is just one of the thousands of Pennsylvanians whose unemployment insurance account was hacked over the past year— not once, but twice. “They changed my password, they changed my username, and they changed my security questions,” Paula told 11 Investigates Angie Moreschi. “I was like what the heck! I was…
Texas Department of Insurance leak went undetected for three years — state audit
On April 5, DataBreaches reported: And then there’s the Texas Department of Insurance. They informed the Texas Attorney General’s office that 1,800,000 Texas were affected by a leak involving names, addresses, dates of birth, phone numbers, parts or all of Social Security numbers, and information about injuries and workers’ compensation claims. Anyone who had claim…
PA: Ransomware group claims to have hit Mercyhurst University
You may need to add Mercyhurst University in Pennsylvania to any list of post-secondary educational entities hit by ransomware. SuspectFile notes that the university has not confirmed any breach and LockBit has not posted any proof (yet?). But SuspectFile notes the irony that one month after one of the university’s four colleges participated in Cyber…