CBIZ KA, a third-party vendor for Prime Healthcare (Prime), discovered a security incident involving CBIZ’s use of MOVEit Transfer software, which has recently reported a security vulnerability. Prime takes the responsibility of safeguarding your information very seriously, and while Prime systems were not involved in the incident, CBIZ KA uses MOVEit Transfer to securely transfer…
Seeking clarification on Maine’s data breach notification statute
If you can’t get an interpretation of a state breach notification statute from the state’s attorney general, where can you get it? DataBreaches recently wrote to the Maine Attorney General’s Office: I am not sure I really understand a provision in Chapter 210-B §1348. Security breach notice requirements, and am seeking clarification. In Paragraph 1,…
East River Medical Imaging notifies 605,809 patients of breach
East River Medical Imaging recently sent out notices to 605,809 patients concerning a breach in September. According to a patient notice posted on its website, on September 20, 2023, the New York medical practice identified suspicious activity within its IT network. We immediately initiated our incident response process, began an investigation with the assistance of…
Russian hackers exploiting Outlook bug to hijack Exchange accounts
Bill Toulas reports: Microsoft’s Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted entities include government, energy, transportation, and other key organizations in the United States, Europe, and the…
Britain dismisses report claiming Sellafield nuclear site hacking, says no malware exists on our system
FirstPost reports: Hours after The Guardian report claimed that UK’s most hazardous nuclear site Sellafield has been hacked into by cyber groups closely linked to Russia and China, Britain on Monday said that it has no records or evidence to suggest that networks were compromised. “Our monitoring systems are robust and we have a high degree of…
23andMe data breach: Hackers accessed data of 6.9 million users
Catherine Stoddard reports: 23andMe, a company that does genetic testing and traces ancestry through shared DNA, confirmed to FOX TV Stations on Monday that hackers accessed personal data of about 0.1% of customers, which amounts to roughly 14,000 people who have used 23andMe. Hackers were able to breach those accounts because the customers had used the same username…