Ionut Arghire reports: Pharmaceutical company Inotiv has notified the US Securities and Exchange Commission (SEC) that its business operations took a hit after hackers compromised and encrypted its internal systems. The incident, the organization said in a Form 8-K filing, occurred on August 8, and prompted Inotiv to initiate containment and remediation processes. “The company’s preliminary…
Category: U.S.
Two agencies in one state investigated and fined Healthplex. Was that one too many?
DataBreaches is generally a great fan of state attorneys general taking enforcement action stemming from data breaches where the security was really subpar or the entity did not notify those affected in a reasonable amount of time. But two enforcement actions in New York have me wondering if the state has been a bit unfair…
HHS OCR Settles HIPAA Ransomware Security Rule Investigation with BST & Co. CPAs, LLP
In February 2020, DataBreaches reported that patients of Community Care Physicians in New York may have had their protected health information, date of birth, and insurance coverage exposed as a result of a ransomware attack by Maze Team at the Albany-based accounting firm BST & Co. CPAs. The incident was reported at the time to…
Microsoft’s Nuance coughs up $8.5M to rid itself of MOVEit breach suit
Carly Page reports: Microsoft-owned talk-to-text outfit Nuance has agreed to cough up $8.5 million to settle a class action lawsuit over the sprawling MOVEit Transfer mega-breach – although it admits no liability. The proposed deal [PDF], filed in a Massachusetts federal court last week, would draw a line under litigation brought by individuals who claimed that the company failed…
Government papers found in an Alaskan hotel reveal new details of Trump-Putin summit
For the “No need to hack when it’s leaking” and the “our government is our insider threat” files, Chiara Eisner of NPR reports: Papers with U.S. State Department markings, found Friday morning in the business center of an Alaskan hotel, revealed previously undisclosed and potentially sensitive details about the Aug. 15 meetings between President Donald…
Data breach at Fundamental Administrative Services affected 56,235 patients at long-term care facilities
On March 21, 2025, Fundamental Administrative Services, LLC (“Fundamental”), a Maryland-headquartered service provider to long-term care facilities, notified HHS of a breach involving unauthorized access to its network. At the time, they used a “500” placeholder for the number affected, but also posted a substitute notice on their website. This week, Fundamental issued a press…