Justin Henry reports: By exploiting a vulnerability in a widely used file transfer application, hackers were able to access the internal information of several large organizations, including three Am Law 50 law firms, highlighting the vulnerability of widespread use of one third-party application. The incident has observers wondering: If some of the largest and most profitable…
Category: U.S.
DEVELOPING: HCA Healthcare patient data for sale on hacking forum?
A new user on a hacking forum has listed patient data from HCA Healthcare for sale. “As of 2021, HCA Healthcare is ranked #62 on the Fortune 500 rankings of the largest United States corporations by total revenue.” the seller writes, adding Data is grouped by division into 17 files totaling to 27,700,000 rows. More…
Deputy U.S. Marshal Pleads Guilty to Obtaining Cell Phone Location Information Unlawfully
This Department of Justice – Office of Inspector General press release from June 30 is a recent reminder of the insider threat: A deputy U.S. Marshal pleaded guilty today to misusing a law enforcement service to obtain cell phone location information for personal use. According to court documents, Adrian Pena, 49, of Del Rio, Texas,…
CISA issues warning for cardiac device system vulnerability
Jonathan Greig reports: The Cybersecurity and Infrastructure Security Agency (CISA) warned of a severe vulnerability in a cardiac device from medical device company Medtronic. The issue – tracked as CVE-2023-31222 – carries a “critical” CVSS score of 9.8 out of 10 and affects the company’s Paceart Optima software that runs on a healthcare organization’s Windows server. Medtronic said…
Imagine360 discovers that two of its file-sharing platforms were hit within days of each other.
With all the big attacks on third-party vendors, it’s not surprising that some entities are reporting two or more breaches in a short period of time. Imagine360, LLC, is a self-funded health plan for employers. On or around January 30, Imagine360 identified unusual activity within Citrix, its third-party file-sharing platform. Imagine360 terminated access to the…
2,632 Medicaid members in Arizona being notified of data leak
A systems error involving the Arizona Health Care Cost Containment System (AHCCCS) resulted in 2,632 Health-e-Arizona Plus household accounts having their data accidentally exposed to others accessing the website. The breach was discovered on May 11, but had occurred earlier in the year. Name, addresses, and the last four digits of social security numbers were exposed…