As background: this case began with someone finding an unsecured FTP server owned by MedEvolve. He reported it to DataBreaches. This site first reported on the leak in 2018. This site also reported when MedEvolve issued a statement months later, and again two years later when HHS got them to notify patients. Today, the U.S….
Category: Subcontractor
Another business associate attacked: 286,699 patients being notified of attack on medical debt collection firm (UPDATED)
Update of May 22: R&B Corporation of Virginia d/b/a Credit Control Corporation reported the incident to HHS on May 13 as affecting even more people than had been reported to Maine. They reported 345,523 patients were affected. Nicole Livas reports: A security breach of patient accounts may have put your private information at risk. Credit Control Corporation…
A harbinger of bad things to come?
Seen on the AlphV/BlackCat leak site today: ResultsCX | The result of many unknown breaches? 5/11/2023, 9:03:10 PM We have numerous accounts to share about how our organization was able to gain initial access to various fortune 100 companies using the ResultsCX network and credentials. Interestingly, these companies are completely unaware that we have accessed…
Brightly warns of SchoolDude data breach exposing credentials
Sergiu Gatlan reports: U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform. SchoolDude is a cloud-based platform for managing work orders used by over 7,000 colleges, universities, and K-12 schools from school…
Japan’s ubiquitous convenience stores now serving up privacy breaches
Simon Sharwood reports: Japan’s minister for digital transformation and digital reform, Taro Kono, has apologized after a government app breached citizens’ privacy. The app is called the “Certificate Issuing Server” and, as explained by the municipal government of Kodaira City, allows residents to print documents such as certificates that prove they’ve paid taxes. Fujitsu Japan developed and…
A rough year: first a ransomware attack, then a credential stuffing attack affecting more than 1 million patients.
On April 28, NextGen submitted a breach notification to the Montana Attorney General’s Office. Thinking it would be a report linked to the ransomware attack by AlphV (BlackCat) in January, DataBreaches prepared to write an update. But it turned out that it was not that incident. It was a seemingly unrelated incident. NextGen, a business…