The ransomware gang known as Clop created massive headaches for numerous entities with attacks involving the exploitation of vulnerabilities in file transfer software. Since December 2020, the same gang has exploited vulnerabilities in Accellion, Fortra’s GoAnywhere software, and Progress Software’s MOVEit software. Christopher Brown reports a litigation update in cases stemming from the GoAnywhere breach disclosed…
Two hosting companies in Romania had what appear to be unrelated breaches. Did either one ever issue a public notice? (2)
In April 2023, DataBreaches reported on an alleged incident involving TIC Hosting in Romania. No one from TIC Hosting ever responded to inquiries from this site, and inquiries to the data protection regulator for the country indicated that TIC Hosting had never reported any data protection incident to them. And that seemed to be the…
HHS’ Office for Civil Rights Settles Malicious Insider Cybersecurity Investigation for $4.75 Million
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Montefiore Medical Center, a non-profit hospital system based in New York City for several potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. OCR is responsible for administering and enforcing health information…
Ca: Hamilton’s Paramedic Service mistakenly sent patient info to wrong hospitals
Roger Collins reports: The Hamilton Paramedic Service says it has been mistakenly sending the personal information of some of its patients to the wrong hospital. Over the last four years, according to the municipal healthcare service, some paramedics have accidentally selected the incorrect hospital when submitting a patient’s records in correspondence to where they were…
Millions at risk of fraud after massive health data hack in France
Richard Henshell reports: Millions of people are at risk of fraud after a data breach at a company that manages the third-party payments for 84 top-up insurance providers. Viamedis, whose systems the third-party payments for over 20 million people, announced the data breach on February 2. Its clients include Carte Blanche Partenaires, Itelis, Kalixia and…
Proposed contractor cyber reporting rule sets a ‘significantly problematic’ bar, industry groups say
David DiMolfetta reports: Cybersecurity and technology trade groups are urging agencies to rethink a proposed measure that would intensify requirements for federal contractors when they report cybersecurity incidents, arguing they are inconsistent with other cyber regulations and demand too much from contracted firms targeted in cyberattacks. The proposed rule from the Pentagon, GSA and NASA — the…