Ashley Eberhardt reports: Colorado Springs Utilities said in an email to customers that sensitive data stored by a subcontractor had been accessed by an “unauthorized party” in June. In the email sent out on Wednesday, Springs Utilities said they learned of the breach on July 6, and that the breach occurred on June 15, 2022….
Category: U.S.
Tenet Healthcare faces lawsuit after Baptist Health System data breach affects 1.2 million patients
Catherine Martin reports: A Texas man has filed a class-action lawsuit against Dallas-based Tenet Healthcare and its affiliate Baptist Health System after the companies experienced a data breach this year that affected more than a million patients. The lawsuit was filed July 5 in Dallas County on behalf of Troy Contreras, one of about 1.2…
Experian, You Have Some Explaining to Do
Brian Krebs writes: Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to…
Don’t Put All Your Eggs in the Silent-Cyber Basket
William P. Sowers Jr. and Michael S. Levine of Hunton Andrews Kurth write: The Eastern District of Pennsylvania recently gave another reminder why cyber insurance should be part of any comprehensive insurance portfolio. In Construction Financial Administration Services, LLC v. Federal Insurance Company, No. 19-0020 (E.D. Pa. June 9, 2022), the court rejected a policyholder’s attempt…
US govt warns of Maui ransomware attacks against healthcare orgs
Sergiu Gatlan reports: The FBI, CISA, and the U.S. Treasury Department issued today a joint advisory warning of North-Korean-backed threat actors using Maui ransomware in attacks against Healthcare and Public Health (HPH) organizations. Starting in May 2021, the FBI has responded to and detected multiple Maui ransomware attacks impacting HPH Sector orgs across the U.S….
Family Practice Center discloses a breach from October 2021
DataBreaches really and truly does not understand how entities can take so long to investigate some breaches before disclosing them. If HHS feels that seven months from the first detection of an attack to notification is reasonable or acceptable, then let it change the regulations. If it is not acceptable and HHS wants entities to…