Here’s a great way to destroy any trust your patients might have in you. Madeleine Damo reports: Staff at a western Sydney radiologist – recently hit with a cyber attack – were told to tell concerned patients the breach was “an operational IT issue”, while also fielding harassing phone calls from hackers themselves. Imaging and diagnostics…
Category: Commentaries and Analyses
Fred Hutch failed to reveal threats of potential swatting attacks until this site revealed the threat. Should they have disclosed it themselves?
On December 28, DataBreaches published snippets from a chat with a threat actor (TA) who claimed to have involvement with both the Fred Hutch cyberattack and the Integris cyberattack. In the course of that exchange, the TA surprised DataBreaches by claiming that they had threatened Fred Hutch with swatting patients. From DataBreaches’ previous reporting: “So…
Fertility Test Lab Will Pay $1.25M to Settle Breach Lawsuit
In 2021, Quest-owned ReproSource Fertility Diagnostics disclosed a ransomware attack in August potentially affecting 350,000 patients. One month after disclosure, they were sued. Now Marianne Kolbasuk McGee reports that there is a settlement. A Massachusetts federal court preliminarily approved the proposed settlement on Wednesday. The proposed class action litigation, which consolidated two similar lawsuits against…
US School Shooter Emergency Plans Exposed in Raptor Technologies Data Leak
Matt Burgess reports: Thousands of emergency planning documents from US schools—including their safety procedures for active shooter emergencies—were leaked in a trove of more than 4 million records that were inadvertently made public. Last month, security researcher Jeremiah Fowler discovered 800 gigabytes of files and logs linked to school software provider Raptor Technologies. The firm…
UK CISO’s are cowing to ransomware demands more than you think, here’s why they shouldn’t pay up
Emma Woollacott reports: One-third of UK-based CISOs have confessed to paying ransomware groups millions of dollars in recent years in a bid to alleviate the impact of an attack, according to new research. Analysis from security firm Trellix found four-in-ten UK CISOs have managed a ransomware attack in the last five years – and in…
Follow-on extortion campaign: confirmation of some findings by Arctic Wolf
Bill Toulas of Bleeping Computer reported on a recent Arctic Wolf Labs investigation that caught my eye. Arctic Wolf investigated two cases where victims of the Royal and Akira ransomware gangs who had paid ransoms were subsequently approached by threat actors offering to help them by hacking into the server of the ransomware gangs to…