From HHS’s October cybersecurity newsletter: Last year, the Department of Health and Human Services’ (HHS) Health Sector Cybersecurity Coordination Center (HC3) released a threat brief on the different types of social engineering1 that hackers use to gain access to healthcare information systems and data.2 The threat brief recommended several protective measures to combat social engineering, one of…
Category: U.S.
Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV
There are some data leaks that make you shake your head and wonder about how a firm responded to a ransomware attack. This is one of them. Cadre Services (previously known as Premier Staffing) is a Wisconsin-based company providing employment and staffing services for office professionals. They have been in business since 1994. In a…
Casio discloses data breach impacting customers in 149 countries
Sergiu Gatlan reports: Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained to the servers of its ClassPad education platform. Casio detected the incident on Wednesday, October 11, following the failure of a ClassPad database within the company’s development environment. Evidence suggests that the attacker accessed customers’ personal…
Cuba ransomware gang demands $1.9 million for decryption key; Rock County refuses
WCLO reports an update to the ransomware attack experienced by Rock County, Wisconsin in September after they were attacked by the Cuba ransomware gang: Rock County officials are refusing to pay the $1.9 million hackers are seeking to unlock files that were encrypted during a recent ransomware attack. … Smith says fortunately all critical systems…
Personal Touch Holding settles NY Attorney General’s lawsuit stemming from 2021 ransomware incident: will pay $350k, improve security
From a press release from the NYS Attorney General’s Office today: New York Attorney General Letitia James today secured $350,000 from a Long Island-based home health care company, Personal Touch Holding Corporation (Personal Touch), for failing to protect vulnerable New Yorkers’ personal information and health care data. Personal Touch’s poor data security made it vulnerable to…
UPDATE: D.C. Board of Elections data breach contained fewer than 4,000 D.C. voters’ data
On October 6, DataBreaches reported a breach allegedly containing more than 600,000 lines of data on registered voters in D.C., where, according to the threat actors who listed it, each line represented one voter’s records. Although there may have been 600k lines of data as previously reported, the D.C. Board of Elections released a statement…