Central Florida Inpatient Medicine (CFIM) is notifying 197,733 patients whose protected health information (PHI) was in an employee’s email account that was accessed by an unauthorized individual between August 21, 2021 and September 17, 2021. CFIM does not indicate when they first discovered that there had been a breach or how they first discovered it. …
Category: Hack
Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware
Sergiu Gatlan reports: Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. If successfully exploited, this OGNL injection vulnerability (CVE-2022-26134) enables unauthenticated attackers to take over unpatched servers remotely by creating new admin accounts…
Data breach lawsuits settle: UPMC vendor and a holding company for department stores
Two potential class action lawsuits involving data breaches have reportedly settled. One awaits final approval in October, but the other settlement is already final. University of Pittsburgh Medical Center data breach $450K class action settlement During April to June 2020, Charles J. Hilton PC (CJH), a firm hired by UPMC for billing services, allegedly suffered…
District 207 Approves Cybersecurity Contract In Wake Of Attempted Breach
Igor Studenkov reports: Maine Township High School Dist. 207 Board of Education voted unanimously on Monday (June 6) to award a one-year cybersecurity contract to the company that helped the district prevent a security breach a few weeks earlier. The district considered bids from seven vendors. When one of the bidders, Texas-based Crowdstrike, was demonstrating…
Defensive Cyber Attacks Declared Legal by UK AG, Path Cleared to “Hack Back” When Critical Infrastructure & Services Attacked
Scott Ikeda reports: The Attorney General of the United Kingdom has declared the country can make use of defensive cyber attacks when “key services” (such as critical infrastructure and banks) are struck by foreign threat actors. The country is taking a formal position on extending international law to the digital realm, something that nations have…
US agencies detail the digital ‘plumbing’ used by Chinese state-sponsored hackers
Martin Matishak reports: U.S. agencies on Tuesday offered new details about how Chinese state-sponsored hackers have used publicly known vulnerabilities to target internet service providers and major telecommunications firms around the globe over the last two years. Taking advantage of common vulnerabilities and exposures (CVEs) allows malicious actors backed by Beijing to break into victim…