In October, 2019, Kalispell Regional Health suffered a phishing incident that impacted more than 100,000 patients. They were sued shortly thereafter. Today, a proposed settlement of the class action lawsuit was announced. The settlement has yet to be approved and the class hasn’t been certified yet for purposes of the suit. That is all scheduled…
Category: Phishing
NC: Alamance Skin Center breach left patient data totally unrecoverable
Alamance Skin Center recently reported a HIPAA breach to HHS as being a “Loss” incident with data in EMR. But previous media coverage provided an even more dire understanding of the incident. On November 4, Triad Business Journal reported that the medical practice, part of Cone Health, had been the victim of a ransomware attack. The…
“Email Appender” Implants Malicious Emails Directly Into Mailboxes
As if we didn’t have enough breaches that start by compromising an employee’s email account, now there’s more to worry about. Imagine that despite training your employees to be careful, and despite using updated AV or other software to detect nasties, a threat actor could deliver malware-laden emails directly into your employees’ inboxes. Will employees…
UK: ‘Thousands’ of people could have had personal details in cyber attack on Sandicliffe car dealership
For what… about 14 years now… I have pointed out how many non-medical entities hold sensitive medical information on consumers that may get caught up in breaches. Today’s example is out of the U.K., where Phoebe Ram reports: The bank account details and medical histories of ‘possibly thousands’ of people were stolen during a cyber…
Sodinokibi/REvil ransomware gang pwns British housing biz via suspected phishing attack
Gareth Corfield reports: A social housing provider in Norwich, England, has said it was hit with the Sodinokibi ransomware following what it assumes was a successful phishing attack. Flagship Group revealed last night that its systems were compromised by a “cyberattack” on Sunday, 1 November. Read more on The Register. The attack is not (yet)…
KR: Court orders online mall to compensate 2,400 customers for data leak
Depending on how long you have been following this blog, some of you may not remember the Interpark data breach in South Korea in 2016. I had covered it several times, including when it was fined $3.8 million (the largest fine up until that date) for its failure to protect consumer data from from what…