HIPAA requires that covered entities notify HHS and affected patients of a reportable breach within 60 calendar days of discovery of a breach. Exceptions are made if law enforcement asks an entity to delay notification so as not to interfere with an investigation, but such requests are infrequent. So why are we first finding out…
Category: Hack
Amsterdam court hears case against alleged hacker, “DataBox”
DataBreaches previously reported that Dutch police arrested a 25-year-old man from Almere in November of 2022. Erkan S., known as “DataBox” on RaidForums, has been in custody since then. He was charged with dumping the GIS (Gebühren Info Service GmbH) data of nine million Austrians and listing it for sale on RaidForums in May 2020….
Norton Healthcare update on cyberattack
Norton Healthcare has six hospitals in Kentucky and one in Indiana. Since May 9, they have been working on recovering from a cyberattack. They don’t call it a ransomware attack but if they received faxed threats and demands as they state in their update, it was likely either a ransomware attack or someone skipped the…
Cybersecurity attack against Amazon-owned online pharmacy PillPack exposed user health data
Annie Burky reports: Amazon-owned PillPack reported a cybersecurity attack affecting the accounts of nearly 20,000 customers. An unauthorized person used customer emails and passwords to log into PillPack customer accounts, over 3,000 of which contained prescription information. Social Security numbers and payment information were not involved in the attack, according to the online pharmacy. Read…
The Underground History of Russia’s Most Ingenious Hacker Group
Andy Greenberg writes: Ask western cybersecurity intelligence analysts who their “favorite” group of foreign state-sponsored hackers is—the adversary they can’t help but grudgingly admire and obsessively study—and most won’t name any of the multitudes of hacking groups working on behalf of China or North Korea. Not China’s APT41, with its brazen sprees of supply chain attacks, nor…
‘Fraud is fun’: Teen hacker charged with breaking into DraftKings accounts leading to theft of $600,000
Lukas I. Alpert reports: A boastful teenage hacker has been charged with orchestrating a break-in to the sports betting website DraftKings, which led to $600,000 being drained from hundreds of customer accounts. Joseph Garrison, 18, of Madison, Wis., is accused of using stolen log-in and password combinations he bought on the dark web to hack…