Brett Kelman reports an update to a phishing incident in September: A large Nashville-based healthcare company that was hacked earlier this year said Tuesday an internal investigation has revealed the stolen emails were intercepted before they were ever opened by the cyberattacker. Aspire Health, which offers in-home treatment in 25 states, has also abandoned its legal hunt for the…
R.I. pension system sues Google for not disclosing breach
Donita Taylor reports: Rhode Island is suing the parent company of Google for hiding a security breach that affected 52.5 million users, state General Treasurer Seth Magaziner stated in a news release Tuesday. “Google had an obligation to tell its users and investors that private information wasn’t being protected,” Magaziner stated in the release. […]…
MN: About 500 impacted in Ramsey County Social Services data breach
Bisi Onile-Ere reports: A cyber attack on the Ramsey County Social Services may have comprised hundreds of clients’ private health information. In August, hackers gained access to the accounts of 28 employees in an attempt to divert their paychecks. “At Ramsey County this is the first time that we experienced something like this,” said John…
Computer with data on 20,000 people stolen in Denmark
Confidential data on 20,000 residents in Gladsaxe, a municipality in central Zealand, were saved locally on a computer stolen that was recently stolen from the town’s city hall. The computer was stolen during a break-in between during the weekend of November 30th to December 3rd, Politiken reports. Information stored on the machine includes personal registration numbers, age, gender,…
Pagosa Springs Medical Center pays $111,400 to settle OCR charges for failing to terminate employee’s access to ePHI after employment ended
Another enforcement action by HHS/OCR was announced today. This settlement involving Upper San Juan Health Service District (d/b/a Pagosa Springs Medical Center) is not an incident that I have been able to locate on HHS’s public breach tool or in this site’s records. According to the resolution agreement, the HHS investigation was opened in 2013. No,…
Over 40,000 credentials for government portals found online
Catalin Cimpanu reports: A Russian cyber-security firm says it discovered login credentials for more than 40,000 accounts on government portals in more than 30 countries. The data includes usernames and cleartext passwords, and the company believes they might be up for sale on underground hacker forums. Alexandr Kalinin, head of Group-IB’s Computer Emergency Response Team…