Lorenzo Francesco-Bicchierai reports: Hackers allegedly working for the government of Lebanon stole hundreds of gigabytes from thousands of victims all over the world, and they did it using phishing, relatively simple custom-made malware with no fancy zero-day exploits, and using recycled infrastructure, according to a new report. Security researchers from digital rights organization Electronic Frontier…
Category: Phishing
NC: Emotet malware compromised Rockingham County Schools servers after employees opened phishing emails
This report was published December 28, 2017, but I’m first seeing it today. Joe Dexter reports on the devastation Rockingham County Schools experienced after employees fell for a phishing email. The only good news, perhaps, was that personal information did not appear to have been acquired or exfiltrated: All it took was several downloads of…
Onco360 and CareMed Specialty Pharmacy Patients Notified of Data Security Incident
Update: This was reported to HHS/OCR as impacting 53,173 patients. Original post: There were a few press releases about breaches that appeared after 3 pm on the Friday of a three-day holiday weekend. This was one of them: A recent data security incident affected patients receiving services from Onco360 and CareMed Specialty Pharmacy. On November…
Florida officials: Hack exposed 30K Medicaid patients’ files
Jesse Byrne reports: Hackers might have accessed the medical records and other personal information of tens of thousands of Medicaid recipients in November, Florida official announced late Friday. Florida’s Agency for Health Care Administration (AHCA) said in a press release reported by The Associated Press that one of its employees was the “victim of a malicious phishing…
Colorado Mental Health Institute at Pueblo notified 650 patients after phishing incident
The Colorado Mental Health Institute at Pueblo is under the state’s Department of Human Services. On December 22, it issued a notice following discovery of a phishing incident that potentially affected 650 patients: The Colorado Mental Health Institute at Pueblo (CMHIP) experienced a potential data breach after a staff member on Nov. 1, unintentionally allowed…
TX: MMH announces ‘data security incident’ involving patient information
MRT reports that once again, compromising employee email provides access for attackers: Midland Memorial Hospital announced Tuesday there was a data security incident involving a limited number of patients’ personal information. […] The hospital became aware on Oct. 13 that an unauthorized third party may have obtained access to an employee’s e-mail account on or…