Casey Harper reports that Congress finally got around to questioning CMS about a ransomware attack on Healthcare Management Solutions, a CMS subcontractor. The attack involved Medicare and Medicaid numbers. Hundreds of thousands of Americans’ personal information is at risk after Medicare’s data was breached. Now, lawmakers want answers. House Committee on Oversight and Accountability Chairman…
Category: Subcontractor
NYC Special Needs Students’ Records Found Exposed on Web
Marianne Kolbasuk McGee reports: Tens of thousands of documents containing personal information of special education students within New York City’s public school system were held in an unsecured database exposed to the internet. Researcher Jeremiah Fowler of security services firm Security Discovery told Information Security Media Group he found the unsecured database in mid-February and…
What is the cost of not purging data or moving it offline, Sunday edition
Maybe one day, a law or regulation will require entities to purge old data that is no longer needed or requires it to be disconnected from the internet. If anyone needs a fresh example of why we need that type of law or regulation, here it is: Richard T. Miller, DMD, PC, d/b/a Great Neck/Mid…
Hitachi Energy Latest Victim of Clop GoAnywhere Attacks
Prajeet Nair reports: Hitachi Energy joined the ranks of victims hit by the Clop ransomware group, which has exploited a zero-day vulnerability in Fortra’s widely used managed file transfer software, GoAnywhere MFT. Clop claimed responsibility for the hack, which compromised networks used by 130 different organizations. Read more at BankInfoSecurity.
Patient’s ’embarrassing’ private health information posted to Facebook after breach
Tori Gaines reports: A woman has reported that the results of her test for sexually transmitted diseases were posted to Facebook after a worker at a California hospital gained access to her medical records, according to a complaint shared by her attorney. There’s a lot to consider about this case. From the reporting, it appears…
NBA alerts fans of a data breach exposing personal information
Sergiu Gatlan reports: The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, “held” by a third-party newsletter service, was stolen. “We recently became aware that an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by…