Updated April 25: This incident was reported to HHS as impacting 197,661 patients. Original post: Here’s their press release. The release does not explain how the attacker(s) first gained access to certain servers in January. Was the infection intended to cover up the earlier activity? It’s not clear to me. Nor does the press release…
Accounting firm notifies clients affected by Citrix Shareful incident
In December, 2018, Citrix forced a password reset for some of its clients due to what appeared to be a credential stuffing attack against ShareFile. But did some customers first find out about it March? On April 16, external counsel for LD Evans, CPA provided notification that began; On March 4, 2019, LD Evans learned…
EU: No evidence of Kaspersky spying despite ‘confirmed malicious’ classification
Catalin Cimpanu reports: In a document published today, the European Commission has revealed that they don’t have any actual evidence of Kaspersky software being used for spying on behalf of the Russian government, as the US government alluded in 2017. The document was the Commission’s reply to a series of questions submitted by Gerolf Annemans,…
Five months after disclosing a patient PHI breach involving employee email accounts, Metrocare discloses a second, identical, breach?
On April 5, Metrocare Services in Texas notified HHS that it was notifying 5,290 clients of a breach. A notice on their web site explains: On February 6, 2019, we learned an unauthorized third party gained access into some Metrocare employees’ email accounts beginning on January 2019. We immediately took steps to secure the accounts…
Experts: Breach at IT Outsourcing Giant Wipro
Brian Krebs reports: Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [NYSE:WIT] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident. Read more on…
Morrisons granted permission for Supreme Court appeal over data breach ruling
Sebastian McCarthy reports: Morrisons has been granted permission to appeal to the Supreme Court after losing a major court case over a data leak. In October the UK’s fourth-biggest supermarket lost an appeal against a High Court ruling that concluded the firm was legally liable for a former employee leaking personal information about 100,000 staff…