Mason Doktor reports that Jones Eye Clinic and CJ Elmwood Partners, L.P., an affiliated surgery center, experienced a ransomware attack on the evening of August 22. The attack affected 40,000 patients seen between Jan. 1, 2003 and Aug. 23. The providers were able to restore from backup and did not pay any ransom. Their full notice…
Category: U.S.
Data leak at consulting firm handling fundraisers for the Democratic party
Catalin Cimpanu reports: A Maryland consulting firm that handles political fundraisers for the Democratic Party has left fundraiser data and passwords to databases storing voter records exposed online via an unsecured network attached storage (NAS) device. The exposed data was found last week by Bob Diachenko, Director of Cyber Risk Research at Hacken, a cyber-security…
Byram Healthcare notifies patients about rogue insider incident
Byram Healthcare is a firm that provides disposable medical supplies. They were acquired in 2017 by Owens & Minor. On October 22, Byram sent notification letters to patients whose data may have been stolen and/or misused by a former employee. Byram learned of the former employee’s wrongdoing when they were contacted by law enforcement. In…
Update: TIO Networks notifies consumers of breach going back to 2014 or earlier
TIO Networks USA was acquired by PayPal in July, 2017. Months later, they reported, services were suspended after discovery of vulnerabilities. Investigation into those vulnerabilities resulted in TIO having to report that it had been hacked by 2014 and possibly earlier. According to information provided in December, 2017, 1.6 million consumers were affected. From their…
Follow-up: Mecklenburg Co. not fined for releasing personal information of health department patients
WSOC-TV reports: The United States Department of Health and Human Services Office of Civil Rights did not fine Mecklenburg County for inadvertently providing Channel 9 with the personal medical information of thousands of health department patients in 2017. Records show Mecklenburg County self-reported the potential HIPAA violation on May 4, 2017. In March 2017, in…
Man who targeted Georgia Tech employees through phishing scheme sentenced
J. D. Capelouto reports: A Nigerian man was sentenced to five years and 11 months in prison on Monday for his role in an online scam that accessed the employee bank accounts of several colleges and universities, including some at Georgia Tech, federal prosecutors said Tuesday. Olayinka Olaniyi, 34, was part of a “phishing” scheme that…