In March, thousands of elastic search installations were wiped out and all that was left was a calling card, “NightLionSecurity.com.” Now there’s a new round of attacks using a “Meow” calling card as they wipe out ElasticSearch and MongoDB databases. Dan Goodin reports: More than 1,000 unsecured databases so far have been permanently deleted in…
VA sending letter to 1,501 Montana vets about business associate ransomware incident
The Great Falls Tribune reports: The U.S. Department of Veterans Affairs Veterans Health Administration on Thursday announced actions taken to protect veterans’ personal information following a recent privacy breach involving files from the Montana VA Health Care System. Officials said they were notified June 4, by former contractor Benefits Recovery Specialists Inc. of “a data…
Ca: Employee charged in 407 ETR data breach involving 60,000 customers
Canadian Press reports: An employee from a company that operates a well-traveled toll road in southern Ontario has been charged in a major breach of customer data. York Regional Police allege the 407 Express Toll Route employee used a company computer to access and compile a list of names, addresses and phone numbers of 60,000…
Es: Adif hit by cyberattack
Some people might remind us all that threat actors don’t need the media giving them free publicity, but the public is still interested in knowing about what impacts them. And attacks on infrastructure tend to be newsworthy. David Burroughs reports: Spanish infrastructure manager Adif has been hit by a cyberattack in which hackers have claimed…
Garmin services and production go down after ransomware attack
Catalin Cimpanu reports: Smartwatch and wearables maker Garmin has shut down several of its services on July 23 to deal with a ransomware attack that has encrypted its internal network and some production systems. The company is currently planning a multi-day maintenance window to deal with the attack’s aftermath, which includes shutting down its official…
Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements
There’s been a rare sighting of a 2020 HHS settlement of HIPAA charges. An almost 10-year old report of what would be a relatively small breach led to an investigation that uncovered persistent failures to implement the HIPAA Security Rule. From HHS: Metropolitan Community Health Services (Metro), doing business as Agape Health Services, has agreed…