April 28, 2023 New Data Breaches from Cl0p and Lockbit Ransomware Groups Executive Summary Ransomware-as-a-service (RaaS) groups Cl0p and Lockbit recently conducted several distinct attacks, exploiting three known vulnerabilities (CVE-2023-27351, CVE-2023-27350, and CVE-2023-0669). The Cybersecurity and Infrastructure Security Agency (CISA) added the latter two vulnerabilities to its Known Exploited Vulnerabilities Catalog but has not yet…
Category: Health Data
U. of Iowa Health Care denies sharing patient data with Facebook, but are they right?
DataBreaches never accused U. of Iowa Health Care of sharing patient data with Facebook, but it seems that someone did. Clark Kaufmann reports: The University of Iowa Hospitals & Clinics is denying that it shares any confidential patient information with Facebook. Last week, lawyers for an Iowa woman, Eileen Yeisley, filed suit against UIHC in…
United HealthCare reports a data breach that may have revealed the customer’s personal information
The CBS reports: United HealthCare made customers aware of a data breach on Friday, which temporarily allowed access to personal information for those enrolled in the company’s healthcare plans. According to a statement, “suspicious activity” was noticed on the UHC mobile application “that may have led to the disclosure of member information.” The company says…
Two ransomware groups list Albany ENT & Allergy Services on their leak sites
On April 23, the BianLian ransomware group listed: A***** *** * ******* S******* BianLian often uses the asterisk system before they actually name the victim and leak data. Today, though, DataBreaches also saw the following on the RansomHouse leak site: Albany ENT & Allergy Services They’re both listing the same entity (even the listed revenues…
MI: McLaren Greater Lansing Hospital accused of leaving patient medical records in decommissioned hospital
Ta’Niyah Jordan reports: Patient medical records are meant to be private. But one of Lansing’s largest hospitals is being accused of leaving behind boxes of confidential patient files in a decommissioned hospital. […] A whistleblower who attended the April 19th preview at the Pennsylvania campus says he found several boxes containing patient files. In images…
Data breach could affect up to 100,000 patients at Queensway Carleton Hospital
Elizabeth Payne reports: Health and personal information, home addresses and OHIP numbers of up to 100,000 patients at Queensway Carleton Hospital have been affected by a major data breach involving an Ottawa-based third-party software provider. The hospital sent out public notices of the breach Friday and is contacting patients individually. It has also notified the…