Ashley Capoot reports: UnitedHealth Group on Monday said it paid ransom to cyberthreat actors to try and protect patient data, following the February cyberattack on its subsidiary Change Healthcare. The company also confirmed that files containing personal information were compromised in the breach. “This attack was conducted by malicious threat actors, and we continue to…
Two ransomware attacks in 2023 first disclosed in April — Kisco Senior Living, Blackstone Valley Community Health Care (1)
Two more ransomware incidents that occurred in 2023 were disclosed this week. One was disclosed 10 months after the incident, and the other was disclosed 5 months after the incident. Kisco Senior Living On or about June 15, 2023, BlackByte claimed responsibility for a ransomware attack on Kisco. This week, Kisco filed a notification with…
Cyberattack on Change Healthcare has scammers targeting Nebraska patients
Abigail Carrera reports: A recent cyberattack on Change Healthcare has resulted in scammers targeting Nebraska patients. Bryan Health has received multiple reports of scammers reaching out to patients claiming to be representatives from hospitals across Nebraska and surrounding areas. Scammers are reportedly telling patients they’re entitled to a full refund if they provide them with a credit…
Valley Mountain Regional Center discloses a breach, but are patients still in the dark? (1)
In November 2021, Valley Mountain Regional Center (VMRC) notified HHS that multiple employees were the victims of a phishing scheme that compromised the protected health information (PHI) of 17,197 individuals. They notified HHS, affected individuals, media, and provided substitute notice. HHS reports, “In its mitigation efforts, the Business Associate strengthened its technical safeguards to better…
Sg: App managing student devices in 127 schools hacked; names and e-mail addresses leaked: MOE
Lok Jian Wen reports: The names and e-mail addresses of parents and teachers of 127 primary and secondary schools were leaked after a mobile platform on students’ personal learning devices was hacked, said the Ministry of Education (MOE) on April 19. The Mobile Guardian app, which is installed on personal learning devices including Chromebook laptops…
International investigation disrupts phishing-as-a-service platform LabHost – EUROPOL
This week, law enforcement from 19 countries severely disrupted one of the world’s largest phishing-as-a-service platform, known as LabHost. This year-long operation, coordinated at the international level by Europol, resulted in the compromise of LabHost’s infrastructure. Between Sunday 14 April and Wednesday 17 April a total of 70 addresses were searched across the world, resulting…