There are various reasons entities may not want to disclose a data breach or respond to journalists’ inquiries. But when entities do not disclose a breach or deny it, and they do not respond to inquiries, they risk threat actors controlling the narrative. And if threat actors control the narrative, the entity may appear to…
Category: Health Data
IE: HSE confirms second ransomware attack but ‘no evidence’ patient data was stolen
Darragh Mc Donagh reports: There is no evidence that patients’ data was stolen during a second ransomware attack targeting Health Service Executive (HSE) systems earlier this year, the authority has said. Earlier this week, the HSE began offering compensation to victims of a cyberattack that caused widespread disruption in May 2021, costing the agency an estimated €102 million. It has now emerged that a second…
Examining impact of federal relief program after major healthcare cyberattack — Research Brief
The University of Minnesota has published a research brief: New research from the University of Minnesota School of Public Health provides the first detailed look at whether funding provided through a federal relief program effectively reached hospitals affected by a ransomware attack on Change Healthcare, a major processor of health insurance claims. The 2024 cyberattack exposed the…
The Hidden Risks of Information Disclosure: A Costly Lesson from Cornwall
Joseph J. Lazzarotti of JacksonLewis writes: When Royal Cornwall Hospital responded to a routine Freedom of Information request in 2023, they had no idea they were about to expose sensitive staff data to the public. The hospital recently apologized after discovering that a spreadsheet published on their website contained hidden sickness absence data for 8,100 current and…
They’ve escaped a lot of media attention, but Anubis RaaS is a threat to the medical sector (1)
Although many ransomware gangs no longer encrypt victims and focus on exfiltration and extortion, some groups continue to encrypt. Anubis RaaS is one of them. SuspectFile reports that Anubis recently attacked Mid South Pulmonary & Sleep Specialists (MSPS) in Tennessee and was willing to answer some questions from SuspectFile. According to the spokesperson, initial access…
“In the most expedient time possible…”
Regular readers have probably noticed that DataBreaches tends to get a tad sarcastic when entities claim they are notifying us of a “recent” breach, but that “recent” breach was quite a while ago. Although some state notification laws set specific deadlines for notification in the event of a breach, many states merely require notification “in…