More coverage of a lawsuit against BST, a CPA firm that is a business associate of Community Care Physicians. BST had been attacked by Maze ransomware, and when they did not pay the demanded ransom, the ransomware operators started dumping some of the data to increase pressure on them. Now patients of Community Care Physicians…
Category: Subcontractor
BST sued by Community Care customers over Maze ransomware attack
Larry Rulison reports: Lawyers for patients of Community Care Physicians that were victimized by a cyber ransomware attack last December are suing the accounting firm that the medical practice hired to protect its customer data, some of which was published online. The class-action lawsuit was filed in state Supreme Court in Albany last month against …
San Francisco Employees’ Retirement System notifies employees of contractor breach
The San Francisco Employees’ Retirement System has been notifying people about a breach. From their notification, this explanation of what happened: The Retirement System contracts with vendors to provide SFERS members with on-line access to their account information. One of the vendors, 10up Inc., set up a test environment on a separate computer server…
Two Data Breaches Hit Kentucky Employees’ Health Plan
Sarah Michels reports: Nearly a thousand members of Kentucky Employees’ Health Plan (KEHP) were victims of a data breach that took place in late April and mid-May, according to a statement released by the Commonwealth of Kentucky Personnel Cabinet on June 2. During the first attack, from April 21 to 27, 971 KEHP members’ accounts…
“Aeries Software” Breached and Over 150 School Districts Compromised
Bill Toulas reports that more than 150 school districts were compromised by the Aeries software breach. I’m not surprised, as I’ve been updating my little list of schools where I had seen breach notifications. You can find that post of mine here.
Indiana covered entities discover that their documents storage and secure destruction vendor dumped records improperly
I know the arguments against holding covered entities responsible for auditing and monitoring their business associates periodically for compliance with any contracts, but when you don’t hold covered entities really accountable for checking that their vendors or business associates are living up to their contracts, stuff like this happens. And it can go on for years….