Note: updates to the breaches included in this report appear below the original post. Some threat actors have gained a lot of notoriety while others are lesser known. In this article, DataBreaches.net reports on a relatively unknown group that has been hitting the healthcare sector, “Xing Team.” Like other groups, Xing maintains a dedicated leak…
Category: U.S.
Arizona Asthma and Allergy Institute Provides Notice of Maze Attack in 2020
An incident initially reported to HHS on May 3 has been updated to 70,372 patients from the initial report of 50,000. The following is the entity’s notice on their web site, and after you read it, I’ll meet you on the other side to explain it more, because they only discovered the breach when DataBreaches.net…
Cost of ransomware attack on Baltimore County public schools climbs to $7.7M
Lillian Reed reports: Baltimore County school officials estimate the ransomware attack in November will cost the system at least $7.7 million, nearing what Baltimore City spent following a similar attack in 2019. The estimated costs cover a wide range of programs, services, trainings and licenses that helped Maryland’s third-largest school system respond to and recover…
Lewd Phishing Lures Aimed at Business Explode
Socially engineered BEC attacks using X-rated material spike 974 percent. Becky Bracken reports: Attackers have amped up their use of X-rated phishing lures in business email compromise (BEC) attacks. A new report found a stunning 974-percent spike in social-engineering scams involving suggestive materials, usually aimed at male-sounding names within a company. The Threat Intelligence team…
OH: Five Rivers Health Centers notified 155,748 patients after phishing incident
On May 28, Five Rivers Health Centers in Ohio notified HHS about a data security incident that impacted 155,748 patients. The following is their media notice, linked from the home page of their web site if you can find it (see attached, where I highlighted the location of the link on their home page). DataBreaches.net…
Chief Operating Officer of Network Security Company Charged with Cyberattack on Medical Center
Note: It seems possible that the incident described in DOJ’s press release below is the incident reported by Salted Hash and DataBreaches.net in 2018. According to Singla’s LinkedIn account, he was COO at Securolytics in Atlanta at the time of the Gwinnett breach. A Georgia man was arraigned today on charges arising out of a…