As most people know by now, there are a LOT of victims from Clop’s attack on Progress MoveIT. So many, in fact, that they posted an announcement to all victims, giving the victims until June 14 to contact Clop to negotiate payment to delete data. The Boots pharmacy chain in the U.K. was affected, but…
Category: Subcontractor
British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack
Jessica Lyons Hardcastle reports: British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app. Microsoft reckons the Clop ransomware crew stole the information. British Airways, the BBC, and Boots were not hit directly. Instead, payroll services…
Hackers Using MOVEit Flaw to Deploy Web Shells, Steal Data
Exploiting vulnerabilities in file transfer software for businesses and medical practices can result in a treasure trove of valuable data and the opportunity to try to extort oh, so many victims. First it was an Accellion vulnerability, exploited by Cl0p (past coverage). Then it was a Fortra GoAnywhere vulnerability, exploited by Cl0p (past coverage). Now…
Phishing attack affects Texas patients; at least 130,000 impacted
DataBreaches.net has noted some reports this week involving an unnamed business associate that discovered a phishing attack in January of this year. The most recent disclosure was spotted on the website of South Texas Health System for its South Texas Health System – Edinburg facility. The May notice can be read at and reads, in…
HHS Office for Civil Rights Settles HIPAA Investigation with Arkansas Business Associate MedEvolve Following Unlawful Disclosure of Protected Health Information on an Unsecured Server for $350,000
As background: this case began with someone finding an unsecured FTP server owned by MedEvolve. He reported it to DataBreaches. This site first reported on the leak in 2018. This site also reported when MedEvolve issued a statement months later, and again two years later when HHS got them to notify patients. Today, the U.S….
Another business associate attacked: 286,699 patients being notified of attack on medical debt collection firm (UPDATED)
Update of May 22: R&B Corporation of Virginia d/b/a Credit Control Corporation reported the incident to HHS on May 13 as affecting even more people than had been reported to Maine. They reported 345,523 patients were affected. Nicole Livas reports: A security breach of patient accounts may have put your private information at risk. Credit Control Corporation…