Jessica Lyons Hardcastle reports: British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app. Microsoft reckons the Clop ransomware crew stole the information. British Airways, the BBC, and Boots were not hit directly. Instead, payroll services…
Category: Subcontractor
Hackers Using MOVEit Flaw to Deploy Web Shells, Steal Data
Exploiting vulnerabilities in file transfer software for businesses and medical practices can result in a treasure trove of valuable data and the opportunity to try to extort oh, so many victims. First it was an Accellion vulnerability, exploited by Cl0p (past coverage). Then it was a Fortra GoAnywhere vulnerability, exploited by Cl0p (past coverage). Now…
Phishing attack affects Texas patients; at least 130,000 impacted
DataBreaches.net has noted some reports this week involving an unnamed business associate that discovered a phishing attack in January of this year. The most recent disclosure was spotted on the website of South Texas Health System for its South Texas Health System – Edinburg facility. The May notice can be read at and reads, in…
HHS Office for Civil Rights Settles HIPAA Investigation with Arkansas Business Associate MedEvolve Following Unlawful Disclosure of Protected Health Information on an Unsecured Server for $350,000
As background: this case began with someone finding an unsecured FTP server owned by MedEvolve. He reported it to DataBreaches. This site first reported on the leak in 2018. This site also reported when MedEvolve issued a statement months later, and again two years later when HHS got them to notify patients. Today, the U.S….
Another business associate attacked: 286,699 patients being notified of attack on medical debt collection firm (UPDATED)
Update of May 22: R&B Corporation of Virginia d/b/a Credit Control Corporation reported the incident to HHS on May 13 as affecting even more people than had been reported to Maine. They reported 345,523 patients were affected. Nicole Livas reports: A security breach of patient accounts may have put your private information at risk. Credit Control Corporation…
A harbinger of bad things to come?
Seen on the AlphV/BlackCat leak site today: ResultsCX | The result of many unknown breaches? 5/11/2023, 9:03:10 PM We have numerous accounts to share about how our organization was able to gain initial access to various fortune 100 companies using the ResultsCX network and credentials. Interestingly, these companies are completely unaware that we have accessed…