FBI Private Industry Notification TLP:CLEAR November 7, 2023 Summary The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight ransomware initial access trends and encourage organizations to implement the recommendations in the “Mitigations” section to reduce the likelihood and impact of ransomware incidents. Threat As of July 2023, the FBI noted…
Category: Of Note
Update: Sensitive patient data leaked from TransForm ransomware incident; hospitals and centers affected
As predicted, Daixin has leaked the third part of the data they exfiltrated from TransForm and Canadian healthcare entities. DataBreaches reported the first leak when Daixin publicly claimed responsibility for the attack. The second leak followed two days later, and less than one day later, the third tranche dropped. As with the first two leaks,…
Virginia’s Fairfax Schools Expose Thousands of Sensitive Student Records
Linda Jacobson reports: Virginia’s Fairfax County Public Schools disclosed tens of thousands of sensitive, confidential student records, apparently by accident, to a parent advocate who has been an outspoken critic of its data privacy record. The documents identify current and former special education students by name and include letter grades, disability status and mental health…
It took an HHS complaint, but three years later, some Ventura Orthopedic patients are finally being notified of a ransomware attack
In August 2020, DataBreaches reported that the Maze ransomware gang had added Ventura Orthopedics to their name-and-shame leak site. At the time, Ventura did not respond to inquiries about whether they would confirm or deny the claims. And they did not respond to other inquiries from DataBreaches when the Conti ransomware gang subsequently listed 1,850…
NY Financial Regulator Rolls Out Updated Cybersecurity Standards
Skye Witley reports: New York regulators assigned heightened cybersecurity requirements to banks, insurers, and financial services providers based in the state with the release of finalized rule amendments Wednesday. Covered entities will have to use multifactor authentication, expand cybersecurity governance duties, and conduct consistent threat testing under the regulation updated by the New York Department of Financial…
Exclusive: Daixin Team claims responsibility for attacks affecting Canadian hospitals, starts leaking data
Daixin Team is now claiming responsibility for — and leaking data from — an attack that has significantly impacted five Canadian hospitals in Ontario. TransForm Shared Service Organization provides IT, supply chain, and accounts payable services to Bluewater Health, Windsor Regional Hospital, Hotel Dieu Grace, Erie Shores Healthcare, Hospice of Windsor-Essex, and the Chatham-Kent…