DataBreaches previously reported a breach involving Integris Health in Oklahoma. The incident did not involve encryption, but the threat actors were reportedly contacting patients directly and offering to remove their protected health information for a small fee before leaking or selling the data of what they claim is more than two million patients. DataBreaches noted…
Category: U.S.
Integris Health notifying patients of hack and warning them not to respond to the hackers
On December 24, Integris Health of Oklahoma started contacting patients about a cyberattack on November 28. The unnamed threat actors did not encrypt any of the health system’s files, but Integris learned that patients were being contacted directly by threat actors. Integris has posted a notice with updates and an FAQ to help inform those…
CBS, Paramount owner National Amusements says it was hacked
Zack Whittaker reports: National Amusements, the cinema chain and corporate parent giant of media giants Paramount and CBS, has confirmed it experienced a data breach in which hackers stole the personal information of tens of thousands of people. The private media conglomerate said in a legally required filing with Maine’s attorney general that hackers stole personal information…
ProSmile issues breach disclosure that creates more questions than it answers
On December 22, ProSmile Holdings, LLC in New Jersey issued a press release about a data breach. If ProSmile — a dental service organization — is a business associate or otherwise covered under HIPAA, no report from them has shown up yet on HHS’s public breach tool. They write, in part: In July 7, 2022,…
Mint Mobile discloses new data breach exposing customer data
Lawrence Abrams reports: Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. Mint is a mobile virtual network operator (MVNO) owned by T-Mobile, offering budget, pre-paid mobile plans. […] The customer data exposed in the breach includes:…
U.S. water utilities were hacked after leaving their default passwords set to ‘1111,’ cybersecurity officials say
Wilfred Chan reports: Providers of critical infrastructure in the United States are doing a sloppy job of defending against cyber intrusions, the National Security Council tells Fast Company, pointing to recent Iran-linked attacks on U.S. water utilities that exploited basic security lapses. The security council tells Fast Company it’s also aware of recent intrusions by hackers linked to China’s…