A recent listing on LockBit’s leak site about Crinetics Pharmaceuticals seemed unusual. It included a disclaimer: “Those responsible for the exfiltration of data belonging to this victim have no association, indirect or direct, with the Lockbit group.” If those who exfiltrated the data had no association with LockBit, why was the listing on LockBit’s site?…
Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023
CSRB’s Third Review Focuses on Actions Microsoft, Other Cloud Providers, and the U.S. Government Should Take to Protect Cloud Customers WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) findings and recommendations following its independent review of the Summer 2023 Microsoft Exchange Online intrusion. The review detailed operational and…
Ca: Hacked hospitals sending 326K letters to patients in Windsor, elsewhere
Taylor Campbell reports: Hundreds of thousands of patients, including many in Windsor-Essex, whose personal information was posted to the dark web following a cyberattack last fall will soon receive letters from impacted hospitals. “One patient is clearly too many,” said Windsor Regional Hospital CEO David Musyj. He called criminal cyberattacks “disgusting acts, particularly when aimed…
Au: Diabetes WA reveals data breach
Richard Chirgwin reports: Diabetes WA has disclosed a data breach affecting people who engaged with its telehealth service. In a breach notice posted Tuesday, the organisation said a “third party” gained “access to the personal information of some … contacts.” The personal information possibly exposed in the breach includes name, address, date of birth, email, phone number,…
City of Hope updates a breach disclosure, reports 827,149 patients affected in ransomware attack last year
City of Hope updated its breach disclosure. DataBreaches can now reveal some previously undisclosed details about the 2023 incident. In December 2023, City of Hope, a cancer treatment center in Duarte, California, notified HHS that it had experienced a breach. Its report indicated that “501” patients had been affected, but this was just a marker…
Indiana-based Otolaryngology Associates, LLC notifies 316,802 patients about February cyberattack
Otolaryngology Associates, LLC (OA) has 13 locations throughout Indiana in Indianapolis, Greencastle, Greenfield, Kokomo, Noblesville, and Carmel. On April 1, the ENT (ears, nose, throat) practice notified the U.S. Department of Health and Human Services of a data breach that affected 316,802 patients. According to a notice on its website, OA became aware of the…