Earlier today, DataBreaches posted an HHS OCR announcement of a settlement with a HIPAA covered entity. A former contractor had accessed its electronic medical record system on three occasions without authorization to retrieve PHI for use in potential fraudulent Medicare claims. OCR imposed a monetary penalty of $1.19 million for the entity’s failure to: conduct…
Waqas reports: As the holiday season kicks off, a ransomware attack on Blue Yonder, the world’s leading supply chain management software provider, has disrupted operations for Starbucks and other retailers worldwide. The attack, reportedly, affected the private cloud computing service Blue Yonder provided to some customers including Starbucks, but not the company’s public cloud environment. It is…
Bill Toulas reports: A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. A threat actor using the nickname ‘nears’ (previously near2tlg) claimed to have attacked multiple healthcare facilities in France, alleging that they have access to the patient…
Sergiu Gatlan reports: Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum. The threat actor behind this data leak, known as Nam3L3ss, published over 2.8 million lines of Amazon employee data, including names, contact information, building locations, email addresses, and more….
Lawrence Abrams reports: Hackers breached ESET’s exclusive partner in Israel to send phishing emails to Israeli businesses that pushed data wipers disguised as antivirus software for destructive attacks. A data wiper is malware that intentionally deletes all of the files on a computer and commonly removes or corrupts the partition table to make it harder to…
Sydney J. Freedberg Jr. reports: AUSA 2024 — Army undersecretary Gabe Camarillo announced here Tuesday that the service would create a secure online enclave where small businesses can work with sensitive information under the Army’s protection — a potential lifeline for smaller firms struggling to meet Pentagon cybersecurity requirements and defend themselves against high-end threats like China. Known as…