Solomon Israel reports: A data breach at Aurora Cannabis has exposed the personal information of an unknown number of the Canadian company’s current and former employees, Marijuana Business Daily has learned. An email sent to a victim of the data breach cites a Dec. 25 “cybersecurity incident during which unauthorized parties accessed data in (Microsoft cloud…
Category: Health Data
“Without Undue Delay, Part 1:” Update on earlier ransomware cases
In November, DataBreaches.net published a commentary arguing that patients need to be notified sooner of ransomware dumps even if HIPAA would seem to allow up to 60 days. As a companion to that piece, this site looked at 30 claimed ransomware attacks on U.S. healthcare entities that had been revealed on dedicated leak sites by…
Attacks targeting healthcare organizations spike globally as COVID-19 cases rise again– Researchers
Check Point writes: At the end of October 2020, we reported that hospitals and healthcare organizations had been targeted by a rising wave of ransomware attacks, with the majority of attacks using the infamous Ryuk ransomware. This followed a Joint Cybersecurity Advisory issued by the CISA, FBI and HHS, which warned of an increased and imminent cybercrime threat to US hospitals…
Indian government sites leaking patient COVID-19 test results
Is there anyone who didn’t see this coming? Ax Sharma reports: Websites of multiple Indian government departments, including national health and welfare agencies, are leaking COVID-19 lab test results for thousands of patients online. These leaked lab reports which are being indexed by search engines expose patient data, and whether they tested positive for coronavirus. Read more on BleepingComputer.
Apex Laboratory confirms ransomware attack; only recently discovered data theft
DataBreaches.net recently reported that Apex Laboratory Inc. had apparently been attacked by DoppelPaymer ransomware threat actors. Apex was added to their leak site on December 15. As proof of claims, the threat actors uploaded approximately 10,000 files containing protected health information of patients (PHI) and personally identifiable information of employees (PII). The 10,000 estimate is…
Cyberattack on emergency ambulance service in Wrocław
Szymon Palczewski reports (translation): The ambulance service in Wrocław fell victim to a hacking attack, during which the system responsible for supporting the work of dispatchers was violated. The reports of the incident so far indicate that it was a ransomware campaign. Hospital staff was informed about a hacking attack on the facility’s systems. In…