David Bol reports: Scotland’s auditor general has revealed that a huge cyber attack on the Scottish Environmental Protection Agency (Sepa) was carried out after “human error” allowed criminals to access systems. Sepa suffered a huge ransomware attack on Christmas Eve in 2020 which led to around 1.2GB of data, amounting to at least 4,000 files,…
Category: Phishing
WA: Patient info possibly disclosed in Spokane Health District data breach
Erin Robinson reports: The personal health information of more than 1,000 people may have been disclosed when staff at Spokane Regional Health District opened a phishing email. The data breach happened on December 21, 2021. SRHD Information Technology staff were immediately alerted and discovered files containing client-protected health information may have been “previewed” by the…
Sacramento County: Hundreds of personal records exposed in data breach
Jose Fabian provides details on a Sacramento County phishing incident reported to HHS last month: Hundreds of records containing personal information of Sacramento County residents were exposed in a phishing attack last year, the county said. Sacramento County said 2,096 protected health information and 816 personal identifiable records were exposed during a cyber attack on June…
WordPress plugin flaw puts users of 20,000 sites at phishing risk
Bill Toulas reports: The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails. ‘WP HTML Mail’ is a plugin used for designing custom emails, contact form notifications, and generally tailored messages that online platforms send…
Two covered entities who discovered breaches last summer first notifying patients
Two breaches that were first reported to HHS in November have now been more fully disclosed. Both of the following breaches were first reported to HHS in November as impacting 500 or 501 patients — entries that this site usually suspects are just “markers” for “we have no idea yet how many were impacted.” Anne…
City of Tenino loses $280,309 to phishing email scam, state Auditor’s Office says
Martin Bilbao reports: The city of Tenino fell victim to a fraudulent scheme that cost it $280,309 in public funds, according to the Washington State Auditor’s Office. Former Clerk Treasurer John Millard initiated 20 automated clearing house payments from the city’s bank account to multiple out-of-state bank accounts from March 19 to May 4, 2020, per…