Between May 23 and 24, 2018, NorthStar learned of an email phishing campaign that resulted in the compromise of certain employees’ email credentials. NorthStar immediately took steps to respond and commenced an investigation to determine the nature and scope of the incident, as well as determine what information may be affected. The investigation included working…
Category: U.S.
Short Circuit: How a Robotics Vendor Exposed Confidential Data for Major Manufacturing Companies
The UpGuard Cyber Risk team can now disclose that sensitive documents for over a hundred manufacturing companies were exposed on a publicly accessible server belonging to Level One Robotics, “an engineering service provider specialized in automation process and assembly for OEMs [original equipment manufacturers], Tier 1 automotive suppliers as well as our end users.” Among…
Ballad Health employee fired after accessing patients’ records without permission
Slater Teague reports: Ballad Health says an employee has been fired for accessing patients’ records without an appropriate reason to do so. The health system says it learned of the data breach on May 28. According to Ballad, the former employee viewed patients’ records, accessing both demographic and clinical information. Read more on WJHL.
Samsam infected thousands of LabCorp systems via brute force RDP
Steve Ragan reports: LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn’t result in a data breach. However, in the brief time between detection and mitigation, the ransomware was able to encrypt thousands of systems and several hundred production…
New England Dermatology creates new protocol after improper patient records disposal
Amy Phillips reports: New England Dermatology, P.C., d/b/a New England Dermatology and Laser Center (“NEDLC”), is reporting that paper records containing health information of patients who were seen at their Northampton office during a period from approximately June 10, 2013 to May 23, 2018 were discarded without first being shredded. NEDLC self-reported the lapse in appropriate waste…
Robocall Firm Exposes Hundreds of Thousands of US Voters’ Records
Catalin Cimpanu reports: RoboCent, a Virginia Beach-based political robocall firm, has exposed the personal details of hundreds of thousands of US voters, according to the findings of a security researcher who stumbled upon the company’s database online. The researcher, Bob Diachenko of Kromtech Security, says he discovered the data using a recently launched online service…