CINCINNATI, OH: On February 23, 2016, many people began receiving a fraudulent email titled “Important Information: invoice 11471” from an unauthorized person who had accessed Mayfield Brain & Spine’s account at an outside vendor. This email was not sent by Mayfield. Mayfield notified recipients of the malicious email as soon as possible that same day,…
Category: Malware
Notice of Data Breach from Bay Area Children’s Association
To the Patients and Guarantors of Bay Area Children’s Association: On April 1, 2016, we received notice from our electronic medical record provider that some of our patient records were acquired by unauthorized persons. Specifically, they determined that cyber intruders may have installed malware on their system in January 2015 and, through credential theft, accessed…
Two men charged in Belarus over Penneco Oil theft
AP reports that two men have been charged by authorities in Belarus with receiving $1.35 million stolen from the bank account of Penneco Oil Co. in 2012 in a phishing scheme involving Bugat malware. I expect we’ll see a DOJ release on this later today or tomorrow, and I’ll update this post when it’s available.
Michigan electricity utility downed by ransomware attack
Richard Chirgwin reports: A water and electricity authority in the US State of Michigan has needed a week to recover from a ransomware attack that fortunately only hit its enterprise systems. Lansing’s BWL – Board of Water & Light – first noticed the successful phishing attack on its corporate systems on April 25, and has…
“Gozi Virus” Hacker Gets Cooperation Reward
Patricia Hurtado reports: A Russian who admitted creating a computer virus that infected more than 1 million computers worldwide was spared from additional prison time on top of the the three years he’s already spent locked up after U.S. prosecutors lauded his cooperation with their probe. Nikita Kuzmin, who was arrested in 2010 and pleaded…
Is ransomware considered a health data breach under HIPAA?
Back in March, I blogged about the question as to whether a ransomware attack needed to be reported to HHS as a HIPAA breach. In that post, I quoted an HHS spokesperson who informed DataBreaches.net that a ransomware situation was an impermissible disclosure (because the attacker had access to the data even if the data weren’t…