I tweeted this yesterday, but probably should note it here too: When I saw Wolfe Clinic had reported a breach to HHS impacting 542,776 patients, I thought they had just updated their 500k figure from the ransomware attack by Lorenz last year. But it turned out that this was a new, and unrelated report due…
Category: Subcontractor
Scoop: VSS Medical Technology’s Terrible, Horrible, No Good, Very Bad Day
DataBreaches suspects that most readers would agree that getting hit by a ransomware gang qualifies your day as a very bad day. But how about getting hit by two different ransomware gangs on the same day? VSS Medical Technology and one of their companies, Sigmund Software, had what sounds like a terrible, horrible, no good,…
Uber links breach to Lapsus$ group, blames contractor for hack
Sergiu Gatlan reports: Uber believes the hacker behind last week’s breach is affiliated with the Lapsus$ extortion group, known for breaching other high-profile tech companies such as Microsoft, Cisco, NVIDIA, Samsung, and Okta. The company added that the attacker used the stolen credentials of an Uber EXT contractor in an MFA fatigue attack where the contractor was flooded with two-factor authentication (2FA)…
ClearBalance, Bricker & Eckler settle data breach lawsuits involving patient data
To follow up on two previously reported breaches involving protected health information, here are two class action settlements that involve business associates: CSI Financial Services aka ClearBalance In July 2021, DataBreaches reported a breach at CSI Financial Services, aka ClearBalance, a firm that services loans made by hospitals and providers to patients who need to…
Aeries Software settles claims over 2019 data breach
There’s an update to a 2019 data breach involving Aeries Software that impacted more than 150 school districts. Top Class Actions reports that Aeries has agreed to pay $1.75 million to resolve claims that the breach compromised personal information of San Dieguito Union High School students. The case is Gupta, et al. v. Aeries Software…
Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses
IC3.gov PIN 20220914-001 14 September 2022 TLP: WHITE Summary The FBI has received multiple reports of cyber criminals increasingly targeting healthcare payment processors to redirect victim payments. In each of these reports, unknown cyber criminals used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare…