Exploiting vulnerabilities in file transfer software for businesses and medical practices can result in a treasure trove of valuable data and the opportunity to try to extort oh, so many victims. First it was an Accellion vulnerability, exploited by Cl0p (past coverage). Then it was a Fortra GoAnywhere vulnerability, exploited by Cl0p (past coverage). Now…
Category: Subcontractor
Phishing attack affects Texas patients; at least 130,000 impacted
DataBreaches.net has noted some reports this week involving an unnamed business associate that discovered a phishing attack in January of this year. The most recent disclosure was spotted on the website of South Texas Health System for its South Texas Health System – Edinburg facility. The May notice can be read at and reads, in…
HHS Office for Civil Rights Settles HIPAA Investigation with Arkansas Business Associate MedEvolve Following Unlawful Disclosure of Protected Health Information on an Unsecured Server for $350,000
As background: this case began with someone finding an unsecured FTP server owned by MedEvolve. He reported it to DataBreaches. This site first reported on the leak in 2018. This site also reported when MedEvolve issued a statement months later, and again two years later when HHS got them to notify patients. Today, the U.S….
Another business associate attacked: 286,699 patients being notified of attack on medical debt collection firm (UPDATED)
Update of May 22: R&B Corporation of Virginia d/b/a Credit Control Corporation reported the incident to HHS on May 13 as affecting even more people than had been reported to Maine. They reported 345,523 patients were affected. Nicole Livas reports: A security breach of patient accounts may have put your private information at risk. Credit Control Corporation…
A harbinger of bad things to come?
Seen on the AlphV/BlackCat leak site today: ResultsCX | The result of many unknown breaches? 5/11/2023, 9:03:10 PM We have numerous accounts to share about how our organization was able to gain initial access to various fortune 100 companies using the ResultsCX network and credentials. Interestingly, these companies are completely unaware that we have accessed…
Brightly warns of SchoolDude data breach exposing credentials
Sergiu Gatlan reports: U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform. SchoolDude is a cloud-based platform for managing work orders used by over 7,000 colleges, universities, and K-12 schools from school…