Prajeet Nair reports: Hitachi Energy joined the ranks of victims hit by the Clop ransomware group, which has exploited a zero-day vulnerability in Fortra’s widely used managed file transfer software, GoAnywhere MFT. Clop claimed responsibility for the hack, which compromised networks used by 130 different organizations. Read more at BankInfoSecurity.
Category: Subcontractor
Patient’s ’embarrassing’ private health information posted to Facebook after breach
Tori Gaines reports: A woman has reported that the results of her test for sexually transmitted diseases were posted to Facebook after a worker at a California hospital gained access to her medical records, according to a complaint shared by her attorney. There’s a lot to consider about this case. From the reporting, it appears…
NBA alerts fans of a data breach exposing personal information
Sergiu Gatlan reports: The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, “held” by a third-party newsletter service, was stolen. “We recently became aware that an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by…
Jelly Bean Communications Design and its Manager Settle False Claims Act Liability for Cybersecurity Failures on Florida Medicaid Enrollment Website
There’s an update to the Florida Healthy Kids breach that was due to their vendor, Jelly Bean Communications, not patching vulnerabilities for seven years. The incident was reported to HHS in January 2021 as impacting 3.5 million patients. Today, the U.S. Department of Justice announced: Jelly Bean Communications Design LLC (Jelly Bean) and Jeremy Spinks…
3,400 death registry records accessed in Hawaii Department of Health data security breach
We do not see many breach notifications from Hawaii, but KHON made us aware of this reminder to disable access when an external employee terminates employment: HONOLULU, HI – The Hawai‘i Department of Health (DOH) will send out notification letters regarding unauthorized access to the DOH Electronic Death Registry System (EDRS), by the end of…
The Chautauqua Center notifies patients of breach; changes EMR provider
The Chautauqua Center (TCC) in New York has disclosed a HIPAA breach by a business associate. The business associate’s error resulted in the protected health information of 747 physical and occupational therapy patients being made accessible to other covered entities. According to their notification letter to those affected, the breach occurred on December 22nd at…