GoLocalProv reports: Cooperating attorneys for the American Civil Liberties Union of Rhode Island (ACLU) on Tuesday filed a class-action lawsuit against the Rhode Island Public Transit Authority (RIPTA) and UnitedHealthcare New England (UHC) over an August 2021 data breach at RIPTA that compromised the Social Security numbers and other personal and health care information of…
Search Results for: HCA
Federal and state authorities investigate a data breach at Philadelphia-area OB/GYN practice
Wendy Ruderman reports: Federal and state authorities are looking into allegations that a Main Line Women’s Healthcare employee used a personal cellphone to capture confidential information from medical charts, potentially affecting more than 800 patients at the OB/GYN practice, which has offices in King of Prussia, Malvern, Plymouth Meeting and Bryn Mawr. Read more at…
CISA Alert: Daixin Team
[Comment: I’ve been waiting for this since I first suspected that Daixin Team might be responsible for the CommonSpirit breach. And although it has not been confirmed by anyone, I still suspect them of that one. — Dissent] Alert (AA22-294A) #StopRansomware: Daixin Team Download the PDF version of this report: pdf, 591 KB Technical Details Note:…
Bits ‘n Pieces (Trozos y Piezas)
Gt: Update on VSOP attack on Guatemala’s foreign ministry Last week, DataBreaches reported that the Ministry of Foreign Affairs of Guatemala was a victim of a VSOP attack. The government confirmed an attack on October 5. Services have been restored: Currently, the services are working, which has allowed us to provide uninterrupted attention to all…
Ro says it ‘inadvertently’ exposed employees’ personal information
Zack Whittaker and Natasha Mascarenhas report: Healthcare unicorn Ro is notifying employees of a data exposure involving their personal information after a security contractor “inadvertently” uploaded a spreadsheet of employee data to the internet. In a data breach notice obtained by TechCrunch from an affected employee who received the notice this week, Ro said it…
HC3: Abuse of Legitimate Security Tools and Health Sector Cybersecurity
HC3 has published another guidance (TLP:WHITE) for the healthcare sector. In this one, they discuss how the same tools used to operate, maintain and secure healthcare systems and networks can also be turned against their own infrastructure. The paper includes: Cobalt Strike PowerShell Mimikatz Sysinternals Anydesk Brute Ratel Access the paper on HHS.