BakerHostetler writes: As noted back in December 2022, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued dramatic guidance (often called the Bulletin) that targets the use of so-called Internet “tracking technologies” on the public websites of HIPAA-covered entities. Fueled by this guidance, healthcare providers have faced a dual threat…
Category: U.S.
IT suppliers hacked off with Uncle Sam’s demands in aftermath of cyberattacks
Brandon Vigliarolo reports: Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident. The rules were unveiled in a draft update to the Federal Acquisition Regulation (FAR) that refreshes security…
Verizon insider data breach affects over 63,000 employees
Bleeping Computer reports that Verizon has notified the Maine Attorney General’s Office of an insider data breach affecting 63,206 employees. According to their sample notice of what was sent to those affected, an employee gained unauthorized access to employee data on September 21, 2023, although Verizon didn’t discover the problem until December. The types of…
Lawsuits Involving GoAnywhere Data Breach Consolidated at One Florida Federal Court
The ransomware gang known as Clop created massive headaches for numerous entities with attacks involving the exploitation of vulnerabilities in file transfer software. Since December 2020, the same gang exploited vulnerabilities in Accellion, Fortra’s GoAnywhere software, and Progress Software’s MOVEit software. Christopher Brown reports a litigation update in cases stemming from the GoAnywhere breach disclosed…
Atlanta Women’s Health Group notifying patients of April 2023 data breach
John Shirek reports that Atlanta Women’s Health Group just notified more than 30,000 patients about a data breach that occurred in April, 2023. As is too often the case, the incident resulted in the theft of patients’ protected health information. 11Alive reproduced part of the letter sent to patients, which says: “…while the unauthorized user…
Was BrightStar Care attacked by two different groups — or was there only one breach?
On January 24, DataBreaches was contacted by a spokesperson for AlphV (“BlackCat”) to see if this site would be interested in reporting on a breach involving BrightStar Care (“BrightStar”). BrightStar had been added to their dark web leak site that day but without any proof of claim. The spokesperson was offering to show DataBreaches data…