Insider breaches — including insider wrongdoing — were down last year according to Verizon’s annual report and Protenus’s 2021 Breach Barometer for incidents involving health or medical data reported in the U.S. But “down” does not mean “gone.” Rogue employees are still a significant risk for entities, as James Cullum reports: An Alexandria certified nursing assistant…
Category: U.S.
TX: Gastroenterology Consultants, P.A. hit by ransomware in January, but patients not notified yet?
Back in December, this site reported on a ransomware incident affecting Gastroenterology Consultants, LTD in Nevada. They had been the target of Conti threat actors, and they reported the incident to HHS in January as impacting 2,500 patients. Yesterday,, I saw another listing for Gastroenterology Consultants, but this is Gastroenterology Consultants, P.A. in Houston, Texas….
Gary, Indiana targeted by ransomware attack
Riley Chloe reports that Gary, Indiana is trying to recover from a ransomware attack. All of its servers are now being restored and rebuilt. The FBI and the Department of Homeland Security were both alerted and a city spokesperson says they’re still investigating if anyone’s personal information was stolen. “If we discover that any information…
Jp: Two Salesforce incidents reportedly shut down online vaccination reservation systems, exposed other personal info
Updated May 18: See the Salesforce statement issued May 17 that says confirming that there was no data loss or breach involving the first incident described below. Yomiuri Shimbun reports: A failure in a cloud computing system provided by U.S.-based IT company Salesforce.com Inc. paralyzed COVID-19 vaccination reservation systems operated by local governments across Japan…
Georgia’s HB 156, requiring state notice for utility cybersecurity incidents, is now in effect
Lael Bellamy and Emily Maus of DLA Piper write: Georgia’s governor has signed into law House Bill 156, creating specific notice requirements for state agencies and utilities that experience cybersecurity attacks, data breaches or malware and requiring notice to the state director of emergency management in Georgia within two hours of notifying the federal emergency…
Agents raid home of Kansas man seeking info on botnet that infected DOD network
Catalin Cimpanu reports: US military investigators have raided the home of a Kansas man looking for information about a crypto-mining botnet that has infected US Air Force servers. The raid is related to a November 2020 security breach that impacted the US Air Force Office of Special Investigations (OSI), the Air Force’s internal law enforcement agency. Read…