In December, 2020, the FTC announced a proposed settlement with Texas-based Ascension Data & Analytics after a security breach involving one of its vendors resulted in the exposure of, and unauthorized access to, consumers’ mortgage applications. One year later, the settlement received final approval, as the FTC announced on December 22: The Federal Trade Commission…
Category: Subcontractor
UVA Health notified patients after Ciox Health data breach (updated)
Someone on Twitter asked me what the first breach of 2022 would be. The following public notice is not the first breach of 2022. It is a 2021 breach that just showed up after midnight in my news search this morning. And because it involves a third-party breach, we may see other covered entities affected,…
Vendor hack slows NJ state agency’s ability to print documents
101.5 reports: Receiving a printed state document could prove to be a challenge because of an issue with the vendor used by the state. The state office of Office of Information Technology, which facilitates the service, said vendor R.R. Donnelley & Sons identified a “systems intrusion in its technical environment” and responded by shutting down…
AR: Crawford County Assessor’s Office is the latest public entity to be hit by a cyberattack.
5News reports that an Arkansas county has been hit by a cyberattack, although the details are not yet clear: According to Crawford County Judge Dennis Gilstrap, a cyberattack was discovered at the County Assessors office on Monday, Dec. 27. Gilstrap said he is not exactly sure of the correct phrasing but employees discovered files missing…
VPN Solutions LLC suffered a ransomware attack two months ago. Some clients still can’t access patient data hosted on the service.
It appears that a ransomware incident involving VPN Solutions LLC may have affected a number of covered entities, although so far, DataBreaches.net has only identified two confirmed cases: Surgery Group SC On December 17, Surgery Group SC in Illinois notified HHS about an incident impacting 500 patients. DataBreaches.net interprets that 500 number as a marker…
MA: Northeastern Cancels Vaccination Clinics After Third-Party Information Leak
Jay Willett reports: COVID-19 vaccination clinics scheduled on Northeastern University’s Boston campus have been cancelled following the discovery of registrants’ personal information being exposed by Pelmeds, a third-party vaccine provider. In a statement shared with WBZ NewsRadio, Northeastern said that the information was present on Pelmeds’ website. “As soon as the university became aware of…