ROANOKE, Va. – Acting United States Attorney Daniel P. Bubar and Virginia Attorney General Mark G. Herring announced today the finalization of a $2.1 million civil resolution with Allergy and Asthma Associates Inc. [AAA], a Roanoke-based, family-owned medical practice that billed Medicare and Virginia Medicaid more than $600,000 for expensive asthma treatments in did not…
Payroll giant PrismHR outage likely caused by ransomware attack
Lawrence Abrams reports: Leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers. PrismHR is an online payroll, benefits, and human resources platform used by Professional employer organizations (PEO). PEOs use this platform to provide payroll, HR, and benefits services…
AK: Petersburg hospital responds to potential medical records breach
Angela Denning reports: Petersburg Medical Center announced Monday that it learned of a potential breach of federal health care privacy law with some patients’ medical records. But the community hospital says the information was not released outside its walls. According to a press release, the hospital found that an employee viewed records of patients who…
Serasa asked for bank passwords and will reveal itself
Leonard Manson reports: The São Paulo Consumer Protection and Defense Program (Procon-SP) notified Serasa on Monday (1st) to provide clarifications on the collection, and possible use, of the internet banking passwords required by the credit bureau to carry out searches on the site. The request for a bank password, made in the “customer area”, was…
Rookie coding mistake prior to Gab hack came from site’s CTO
Sometimes you read a story and think, “Oh. This is just too perfect.” This is one of those times. Dan Goodin reports: Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of…
Mandiant issues final report on its investigation into Accellion breach
Yesterday, Mandiant issued its final report on its investigation into the Accellion data breach that impacted a number of its big clients including Jones Day law firm, SingTel, Bombardier, Goodwin Procter, the Transport for NSW, the New Zealand Reserve Bank, and others. You can find the report here (pdf). And while the investigation may be…