Bill Toulas reports: A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. A threat actor using the nickname ‘nears’ (previously near2tlg) claimed to have attacked multiple healthcare facilities in France, alleging that they have access to the patient…
Category: Subcontractor
Amazon confirms employee data breach after vendor hack
Sergiu Gatlan reports: Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum. The threat actor behind this data leak, known as Nam3L3ss, published over 2.8 million lines of Amazon employee data, including names, contact information, building locations, email addresses, and more….
ESET partner breached to send data wipers to Israeli orgs
Lawrence Abrams reports: Hackers breached ESET’s exclusive partner in Israel to send phishing emails to Israeli businesses that pushed data wipers disguised as antivirus software for destructive attacks. A data wiper is malware that intentionally deletes all of the files on a computer and commonly removes or corrupts the partition table to make it harder to…
Army to defend small businesses against hackers with NCODE secure cloud enclave pilot
Sydney J. Freedberg Jr. reports: AUSA 2024 — Army undersecretary Gabe Camarillo announced here Tuesday that the service would create a secure online enclave where small businesses can work with sensitive information under the Army’s protection — a potential lifeline for smaller firms struggling to meet Pentagon cybersecurity requirements and defend themselves against high-end threats like China. Known as…
Virginia Contractor Settles False Claims Act Liability for Failing to Secure Medicare Beneficiary Data
Here’s today’s reminder that it’s not just HHS OCR that entities need to be concerned about in terms of enforcement of data security requirements for health data. ASRC Federal Data Solutions LLC (AFDS), headquartered in Reston, Virginia, has agreed to resolve False Claims Act allegations in connection with a government contract related to its storage…
Revenue Cycle Vendor Notifying 400,000 Patients of Hack
Marianne Kolbasuk McGee reports: A Texas-based healthcare revenue cycle management firm is notifying nearly 400,000 individuals of a hacking incident that it says originated with another third party. The incident is among a growing list of major health data breaches implicating vendors and affecting tens of millions of patients so far this year. Gryphon Healthcare…