In July, DataBreaches.net reported that threat actors calling themself “Grief” claimed to have attacked NY-based Rehabilitation Support Services (RSS), an agency that provides services to more than 3,000 individuals with psychiatric and substance abuse disorders each year. Grief claimed to have exfiltrated 4 GB of data from RSS, and offered some small proof of claim. For…
Category: U.S.
Education Department Updates Rules and Criminal Penalties for Accessing Agency Data
Aaron Boyd reports: The Education Department is rolling out new rules for accessing and handling agency data by third parties—including students, parents and loan companies—with updated criminal penalties for anyone not following the new statutes. The new rules intend to bring the department into compliance with the 2019 Stop Student Debt Relief Scams Act and…
All of Desert Wells Family Medicine patients’ electronic health records were corrupted and unrecoverable from ransomware attack
On August 30, HHS added Queen Creek Medical Center d/b/a Desert Wells Family Medicine in Arizona to its public breach tool. The entity had reported that 35,000 patients were impacted by a breach involving a hack of the network. We now have more details on that incident available thanks to a public disclosure of their…
HBP Financial Services Group notice of breach impacting Pathology Consultants of New London, PC
The following was found in the legal notices section of the Westerly Sun. Details for NOTICE OF DATA BREACH HBP NOTICE OF DATA BREACH HBP Financial Services Group, LTD (HBP), which serves as the practice administrator for Pathology Consultants of New London, PC (PCNL), was the victim of an IT incident that resulted in the unauthorized access…
SC: Dorchester County Government Notice of February Security Incident
DORCHESTER COUNTY, S.C., Sept. 9, 2021 /PRNewswire/ — Dorchester County Government (“Dorchester“) announced today a phishing incident involving email accounts within its email environment. The phishing incident resulted in unauthorized access to certain information collected and maintained by the County for a variety of reasons, including names, addresses, email addresses, dates of birth, Social Security numbers, driver’s…
Texas Right to Life website exposed job applicants’ resumes
Zack Whittaker reports: Anti-abortion group Texas Right to Life exposed the personal information of hundreds of job applicants after a website bug allowed anyone to access their resumes, which were stored in an unprotected directory on its website. A security researcher told TechCrunch that the group’s main website, built largely in WordPress, was not properly…