November 1, 2023 TLP:CLEAR Report: 202311011500 Executive Summary A recent attack on a U.S.-based medical facility in October 2023 highlights the potential threat of the ransomware gang, 8Base, to the Healthcare and Public Health (HPH) sector. Active since March 2022, 8Base became highly active in the summer of 2023, focusing their indiscriminate targeting on multiple…
Category: Commentaries and Analyses
Virginia’s Fairfax Schools Expose Thousands of Sensitive Student Records
Linda Jacobson reports: Virginia’s Fairfax County Public Schools disclosed tens of thousands of sensitive, confidential student records, apparently by accident, to a parent advocate who has been an outspoken critic of its data privacy record. The documents identify current and former special education students by name and include letter grades, disability status and mental health…
It took an HHS complaint, but three years later, some Ventura Orthopedic patients are finally being notified of a ransomware attack
In August 2020, DataBreaches reported that the Maze ransomware gang had added Ventura Orthopedics to their name-and-shame leak site. At the time, Ventura did not respond to inquiries about whether they would confirm or deny the claims. And they did not respond to other inquiries from DataBreaches when the Conti ransomware gang subsequently listed 1,850…
Wawa Data Breach Settlement’s $3 Million Lawyers Fee Rejected
Jennifer Kay reports: A federal appeals court has vacated over $3 million in attorneys’ fees awarded as part of a $12.2 million data breach settlement against Wawa Inc. The fee award issue now is remanded to the district court “to take a closer look at the reasonableness of the attorney’s fees in proportion to class…
Exclusive: Daixin Team claims responsibility for attacks affecting Canadian hospitals, starts leaking data
Daixin Team is now claiming responsibility for — and leaking data from — an attack that has significantly impacted five Canadian hospitals in Ontario. TransForm Shared Service Organization provides IT, supply chain, and accounts payable services to Bluewater Health, Windsor Regional Hospital, Hotel Dieu Grace, Erie Shores Healthcare, Hospice of Windsor-Essex, and the Chatham-Kent…
HHS announces its first settlement in a ransomware case: Doctors’ Management Services
From HHS, this interesting press announcement: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Doctors’ Management Services, a Massachusetts medical management company that provides a variety of services, including medical billing and payor credentialing. The…