Aaron Sanderford reports: Nebraska on Monday became the first state to sue Tennessee-based Change Healthcare over the company’s massive data breach that cost at least 575,000 Nebraskans their personal information and medical records. … The breach was blamed on a low-level employee who had his or her login credentials hacked. Nebraska Attorney General Mike Hilgers…
Category: Of Note
Rhode Island Residents’ Data Breached in Large Cyberattack; Data May Be Leaked Soon
Aimee Ortiz reports: The personal and private information of possibly hundreds of thousands of people who applied for government assistance in Rhode Island could be in the hands of hackers after a huge cyberattack, state officials said on Friday. The cybercriminals said to be behind the attack threatened to release the data unless they received…
No need to hack when it’s leaking, Canadian edition: Care1
Jeremiah Fowler discovered a non-password-protected database that contained more than 4.8 million records belonging to Care1 — a Canadian company offering AI software solutions to support optometrists in delivering enhanced patient care: The publicly exposed database was not password-protected or encrypted. It contained over 4.8 million documents with a total size of 2.2 TB. In a…
Global Police Action Against DDoS Attackers: Operation PowerOFF
A press release from Dutch Politie: Starting this week, law enforcement agencies from fifteen different countries, together with Europol, are once again taking large-scale action against DDoS-for-hire services. In Operation PowerOFF, three arrests were made internationally, 27 websites were taken offline and data from three servers was secured. The Dutch police, under the authority of…
HHS OCR settles charges that Inmediata Health Group exposed 1.6 million patients’ PHI online
The following announcement by HHS OCR stems from an accidental exposure of protected health information online that continued for several years. Inmediata’s incident resulted in a class action lawsuit that was settled for $1.1 million in 2022, and a settlement with 33 states for $1.14 million in 2023. HHS seems to be the first to…
Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again
Carly Page reports: Security researchers are warning that hackers are actively exploiting another high-risk vulnerability in a popular file transfer technology to launch mass hacks. The vulnerability, tracked as CVE-2024-50623, affects software developed by Illinois-based enterprise software company Cleo, according to researchers at cybersecurity company Huntress. The flaw was first disclosed by Cleo in a security…