Rehoboth Mckinley Christian Health Care Services (“RMCHCS”) in New Mexico has reportedly settled litigation stemming from a ransomware attack that DataBreaches first reported in February 2021. Although Conti ransomware threat actors had added the health care service to their leak site and leaked some patients’ protected health information as proof of claims, there was nothing…
Category: Commentaries and Analyses
Activision did not notify employees of data breach for months
Lorenzo Franceschi-Bicchierai reports: On December 4, hackers successfully phished an employee at the games giant Activision, gaining access to some internal employee and game data. This data breach was not disclosed until last weekend, when cybersecurity and malware research group vx-underground posted on Twitter screenshots of the stolen data, as well as the hackers’ messages on Activision’s internal Slack…
Singapore data centre says no data loss discovered after report on hackers obtaining logins
CNA reports: Data centre operator ST Telemedia Global Data Centres (STT GDC) has noticed no data loss or impact to its customer service portals following a hacking incident in 2021, it said on Tuesday (Feb 21). Through unspecified means, the hackers made away with login credentials – email addresses and passwords – for customer-support websites for STT…
HardBit 2.0 Ransomware
Jason Hill reports: First observed in October 2022, HardBit is a ransomware threat that targets organizations to extort cryptocurrency payments for the decryption of their data. Seemingly improving upon their initial release, HardBit version 2.0 was introduced toward the end of November 2022, with samples seen throughout the end of 2022 and into 2023. Like…
Aviacode remains silent after 0mega dumps 200 GB of their files
On January 9, DataBreaches noticed that Aviacode had been added to the leak site for 0mega. Aviacode, which is part of GeBBS Healthcare Solutions, offers medical coding services, medical coding audits, coding denial management, clinical documentation improvement, and revenue cycle management for billings and claims. As such, it is often a business associate for HIPAA-covered…
Department of Education to Enforce Revised Cybersecurity Requirements and Expands Interpretation of “Third-Party Servicer” Definition
Duane Morris writes: The Department of Education has issued an electronic notice relating to the updated cybersecurity regulations published by the Federal Trade Commission (FTC). On December 9, 2021, the FTC amended the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This comprehensive amendment updated data security requirements for financial institutions, including all Title IV institutions of higher…