Century Specialty Script, LLC (“Century”) is a specialty pharmacy in New York. Yesterday, it disclosed a data security incident potentially impacting protected health information. According to their press release, they do not know when it happened, but one employee’s Microsoft Office365 accounts was compromised. The intruder’s access was discovered on or about July 28, and…
Category: U.S.
FL: Martin County website data hacked; investigation launched as county downplays threat
Sade M. Gordon reports: State and local law-enforcement agencies are investigating an apparent hack of data from the Martin County website. Officials were unaware the 3-year-old data — stored offsite — was stolen until a person contacted the county legal department early this week. The caller didn’t threaten the county or ask for ransom, spokesperson Martha Ann Kneiss…
Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People
HHS has announced another big settlement and corrective action plan. This one stems from a hack of Premera Blue Cross (PBC) in 2014 that went undetected until March of 2015. DataBreaches.net had covered this incident at the time and the follow-ups that included a class action lawsuit that settled, a settlement with state attorneys general,…
CISA says a hacker breached a federal agency
Catalin Cimpanu reports: A hacker has gained access and exfiltrated data from a federal agency, the Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday. The name of the hacked federal agency, the date of the intrusion, or any details about the intruder, such as an industry codename or state affiliation, were not disclosed. Read…
Fallout From The Ransomware Attack At Illinois Valley Community College Is Still Far From Over
Peter Medlin has an update on the Pysa (mespinoza) ransomware attack on Illinois Valley Community College that was first disclosed in April. The college had not paid the ransom demand, and has continued to work to recover from the attack. Medlin notes: In the months since the ransomware incident, IVCC has had to rebuild and…
Maryland Man Sentenced to Prison for Intentionally Damaging the Computers of His Former Employer
From DOJ, this press release today about a case where a former employee exceeded previously authorized access: A Maryland man was sentenced by U.S. District Judge Catherine C. Blake today to 12 months and one day in federal prison, followed by three years of supervised release, for illegally accessing and damaging the computer network of…