Otolaryngology Associates, LLC (OA) has 13 locations throughout Indiana in Indianapolis, Greencastle, Greenfield, Kokomo, Noblesville, and Carmel. On April 1, the ENT (ears, nose, throat) practice notified the U.S. Department of Health and Human Services of a data breach that affected 316,802 patients. According to a notice on its website, OA became aware of the…
No need to hack when it’s leaking, Wednesday edition: Eyecare Services Partners exposed more than 2 million patients’ SSN – researcher
EyeCare Services Partners (ESP) is a private company with a network of ophthalmologic, optometric and ambulatory surgery centers. It is headquartered in Dallas, Texas. On February 9, an IT student who was searching the internet for exposed datasets noticed that ESP had an unsecured blob listed on GrayhatWarfare. Due to other work, “JLT” (as he…
Cybercriminals Abused Remote Desktop Protocol (RDP) in 90% of Attacks Handled by Sophos Incident Response in 2023
Some more analysis of 2023 breaches. Sophos reports that for more than 150 incident response (IR) cases it handled in 2023, cybercriminals abused remote desktop protocol (RDP) in 90% of attacks. This was the highest incidence of RDP abuse since Sophos began releasing its Active Adversary reports in 2021, covering data from 2020. In addition,…
Indian government’s cloud spilled citizens’ personal data online for years
Jagmeet Singh reports: The Indian government has finally resolved a years-long cybersecurity issue that exposed reams of sensitive data about its citizens. A security researcher exclusively told TechCrunch he found at least hundreds of documents containing citizens’ personal information — including Aadhaar numbers, COVID-19 vaccination data, and passport details — spilling online for anyone to…
Proposed CorrectCare Breach Settlement Rejected Over Equitable Treatment
Christopher Brown reports: A proposed $6.49 million settlement of a lawsuit alleging that CorrectCare Integrated Health LLC failed to protect the personal information of 647,000 people in a January 2022 data breach was rejected by a federal court. Plaintiffs Virginia Hiley, Christopher Knight, Kyle Marks, and Marlena Yates failed to show in their motion for settlement approval…
Ernest Health rehabilitation hospitals notify patients of ransom attack in January (2)
As of this morning, more than a dozen rehabilitation hospitals have disclosed a breach with unauthorized access to their systems between January 16 and February 4. The intrusion was discovered on February 1. The attack resulted in access to patient data that included names and at least one of “addresses, birth dates, medical record numbers,…