On March 25, Christie Business Holdings Company, P.C. (“Christie Clinic”) disclosed a breach. As DataBreaches.net reported the next day, the clinic reported that an unauthorized actor had gained access to one business email account between July 14, 2021 and August 19, 2021. Christie’s investigation indicated that the intent of the attacker may have been to…
Category: Hack
WI: Black River Falls School District closed Friday after cyberattack
WKBT reports: The Black River Falls School District canceled all classes Friday because of an incident involving unauthorized access to the district’s IT network. Superintendent Shelly Severson sent an email to parents Thursday night saying that student record system is unavailable, and the district has no access to attendance, medication records, family contact information, or…
Weekend potpourri of breaches and leaks
It’s the weekend, but breaches don’t take a break. Some breach or leak disclosures that I spotted in reading the news today: Ballad Health in Tennessee has disclosed a breach. As reported by WCYB, who also includes the full notice from Ballad, on or about January 13, Ballad detected unusual activity in an employee’s email…
Lapsus$, Okta and the Health Sector
A whitepaper from the HHS Cybersecurity Program. April 7, 2022 Available online at https://www.hhs.gov/sites/default/files/lapsus-okta-health-sector-tlpwhite.pdf (26 pp, pdf)
East Tennessee Children’s Hospital updates information on ransomware incident
On March 15, this site noted that the East Tennessee Children’s Hospital had posted a notice about an IT security incident. At the time, they did not identify the incident as a ransomware incident. DataBreaches.net subsequently found some explanation for that notice — a listing on a Russian-language forum offering data from ETCH with numerous…
Ca: SLGA business partners should have figured out on their own that their data may have been stolen: minister
Geoff Leo reports on what sounds like an utterly unsatisfactory response by the government to questions as to why it didn’t directly notify those affected of a breach: The minister responsible for the Saskatchewan Liquor and Gaming Authority (SLGA) says the Crown corporation didn’t directly notify its business partners that their data may have been…