Gloria Rebecca Gomez reports: A data breach exposed the personal information of thousands of Arizona students enrolled in the state’s school voucher program, according to Gov. Katie Hobbs, but the state’s top education official says it’s not a problem. Earlier this month, ClassWallet, the online financial administration platform that handles payments for Arizona’s Empowerment Scholarship…
Category: Subcontractor
Centers for Medicare and Medicaid notifying 645,000 Medicare members about MOVEit breach (UPDATED)
Update: This incident was reported to HHS as affecting 1,362,470 patients. The Centers for Medicare and Medicaid (CMS) has posted a notice on its site about a data breach at one of its contractors, Maximus Federal Services, Inc. Maximus was one of hundreds of victims of a 0day attack on MOVEit file transfer software by the…
Read more Health3PT Releases Blueprint for Third Party Risk Management to Fix the Ineffective Cyber Risk Assessment Process for the Healthcare Industry
Survey finds 60% of covered entities and 72% of their vendors believe today’s third-party risk management practices are not effective: new guidance provides a consistent set of practices to reduce cyber risk for the health industry FRISCO, Texas–July 27, 2023–The Health 3rd Party Trust (Health3PT) Initiative today announced the release of the Health3PT Recommended Practices &…
Health data of more than 8 million people accessed by MOVEit hackers: US govt contractor
In what may be the largest health data breach reported so far in 2023, a government contractor affected by the MOVEit breach disclosed the breach in an SEC filing. ANS reports: Maximus, a US government services contracting company, has confirmed that hackers exploited a vulnerability in MOVEit Transfer to access the protected health information of…
Deloitte denies Cl0p data breach claims in wake of MOVEit attack
Ross Kelly reports: Deloitte has refuted claims that the Cl0p ransomware gang has breached its systems and stolen company data amid speculation online. The accountancy firm was cited as a victim on Cl0p’s breach disclosure blog, sparking concerns that clients at the consultancy could be at risk. In its disclosure, Cl0p claimed “the company doesn’t…
UK: Ambulance patient records system hauled offline for cyber-attack probe
Lindsay Clark reports: Several UK NHS ambulance organizations have been struggling to record patient data and pass it to other providers following a cyber-attack aimed at health software company Ortivus. In a statement, the Sweden-headquartered software vendor said it was subject to a cyber-attack on July 18 which hit UK customer systems within its hosted datacenter…