Of Note – Page 106 – DataBreaches.Net

BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion

Posted on March 16, 2023 by Dissent

Elizabeth Montalbano reports: The BianLian ransomware group is ramping up its operations and maturing as a business, moving more swiftly than ever to compromise systems. It’s also moving away from encryption to pure data-theft extortion tactics, in cyberattacks that have so far bagged at least 116 victims, researchers have found. BianLian, first discovered last July, hasn’t deviated much…

Independent Living Systems updates its breach disclosure; notifying more than 4.2 million patients

Posted on March 15, 2023 by Dissent

In September 2022, Independent Living Systems LLC (ILS), a business associate in Florida, notified HHS and regulators of a network incident that affected 501 patients. They also provided public notice, but were unable to identify and notify all individuals who had been affected. The “501” was simply a marker to indicate “more than 500.” The…

Jelly Bean Communications Design and its Manager Settle False Claims Act Liability for Cybersecurity Failures on Florida Medicaid Enrollment Website

Posted on March 14, 2023 by Dissent

There’s an update to the Florida Healthy Kids breach that was due to their vendor, Jelly Bean Communications, not patching vulnerabilities for seven years. The incident was reported to HHS in January 2021 as impacting 3.5 million patients. Today, the U.S. Department of Justice announced: Jelly Bean Communications Design LLC (Jelly Bean) and Jeremy Spinks…

No need to hack when it’s leaking, DC Health Link edition

Posted on March 14, 2023September 26, 2024 by Dissent

On March 12, DataBreaches reported on the Health Benefit Exchange Authority data that was first leaked by a forum user known as “IntelBroker” and then by “Denfur.” The DC Health Link incident attracted a lot of media attention because it involved members of Congress, their staff, and their families. As StateScoop reported today, DC Health…

Ransomware Vulnerability Warning Pilot (RVWP)

Posted on March 13, 2023 by Dissent

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which President Biden signed into law in March 2022, required CISA to establish the RVWP (see Section 105 [6 U.S.C. 652]). ALERT CISA Announces Ransomware Vulnerability Warning Pilot Release Date March 13, 2023 Today, CISA is announcing the creation of the Ransomware Vulnerability Warning…

Data Exfiltration Trends in Healthcare

Posted on March 11, 2023 by Dissent

From the Office of Information Security / HHS and the Health Sector Cybersecurity Coordination Center: Data Exfiltration Trends in Healthcare March 9, 2023