The Office of Inadequate Security
Earlier today, DataBreaches posted an HHS OCR announcement of a settlement with a HIPAA covered entity. A former contractor had accessed its electronic medical record system on three occasions without authorization to retrieve PHI for use in potential fraudulent Medicare claims. OCR imposed a monetary penalty of $1.19 million for the entity’s failure to: conduct…
Jessica Lyons reports: American energy contractor ENGlobal disclosed that access to its IT systems remains limited following a ransomware infection in late November. In a Monday filing with the US Securities and Exchange Commission (SEC), the company said it became aware of a cybersecurity incident on November 25 after criminals broke into its networks and locked…
Jeremiah Fowler reports finding another exposed database with a lot of personal information. This one may belong to SL Data Services, LLC, though Fowler notes that the folders inside it were named with separate website domains. “It appears that the company operates a network of an estimated 16 different websites, offering a range of information…
Waqas reports: As the holiday season kicks off, a ransomware attack on Blue Yonder, the world’s leading supply chain management software provider, has disrupted operations for Starbucks and other retailers worldwide. The attack, reportedly, affected the private cloud computing service Blue Yonder provided to some customers including Starbucks, but not the company’s public cloud environment. It is…
NEW YORK – New York Attorney General Letitia James and New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today secured $11.3 million in penalties from two auto insurance companies, the Government Employees Insurance Company (GEICO) and The Travelers Indemnity Company (Travelers), for having poor data security which led to the personal information…
Daniel Croft reports: The incident was claimed by CyberN—–s members IntelBroker and EnergyWeaponUser, who originally said it was a Tesla EV charging station database containing files that belonged to Tesla. However, thanks to a tipoff by researcher DarkWebInformer and IntCyberDigest, the threat actors amended the listing to say it was a “random 3rd party company…