As I tooted earlier this morning on Infosec.Exchange: One of the MOVEit victims was the Colorado Department of Health Care Policy & Financing, which was notified by IBM of the data breach. According to their notification, the information types included full name, Social Security number, Medicaid ID number, Medicare ID number, date of birth, home…
Category: Hack
One year later, Tift Regional Medical Center notifies patients of Hive attack
In September 2022, DataBreaches broke the story of how Hive had attacked Tift Regional Medical Center in Georgia between July and August. The attack did not involve encryption of systems but Hive claimed to have exfiltrated about 1 TB of data, including files with protected health information. On October 14, Tift notified HHS of an…
IN: Cummins Behavioral Health Systems discovers cyberattack when it finds ransom note
Sometime between Feb. 2 and March 9 of this year, Cummins Behavioral Health Systems (CBHS) in Indiana became a victim of a cyberattack. CBHS is a private not-for-profit organization providing behavioral health services in Boone, Hendricks, Marion, Montgomery, Putnam, and surrounding counties in Central and West Central Indiana. It provides care to persons of all…
Florida Healthy Kids notified by Maximus of MOVEit breach
Florida Healthy Kids is a state-created entity that provides health and dental insurance for Florida children aged 5-18. On Friday, they joined the unhappy ranks of those affected by the MOVEit breach that has affected more than 600 organizations already. In this case, it was their vendor, Maximus, who issued the notification. The number of…
CISA: Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report
Executive Summary Beginning in late 2021 and continuing late into 2022, a globally active, extortion-focused cyber threat actor group attacked dozens of well-known companies and government agencies around the world. It penetrated corporate networks, stole source code, demanded payments while rarely following up, lodged political messages in shadowy online forums, and swiftly moved on to…
Nova Scotia government still unsure of widespread impact from spring cyberattack
Jonathan MacInnis reports: The province of Nova Scotia is still unsure of how widespread the MOVEit security breach is, nearly two-and-a-half months after first becoming aware of the issue. Almost 1000 notifications have been sent out this month. “As you start getting into forensics you can find out that that trail can lead back a…