November 1, 2023 TLP:CLEAR Report: 202311011500 Executive Summary A recent attack on a U.S.-based medical facility in October 2023 highlights the potential threat of the ransomware gang, 8Base, to the Healthcare and Public Health (HPH) sector. Active since March 2022, 8Base became highly active in the summer of 2023, focusing their indiscriminate targeting on multiple…
Virginia’s Fairfax Schools Expose Thousands of Sensitive Student Records
Linda Jacobson reports: Virginia’s Fairfax County Public Schools disclosed tens of thousands of sensitive, confidential student records, apparently by accident, to a parent advocate who has been an outspoken critic of its data privacy record. The documents identify current and former special education students by name and include letter grades, disability status and mental health…
Australian Clinical Labs to face court over 2022 data breach
David Hollingworth reports: The Office of the Australian Information Commissioner believes Australian Clinical Labs did not adequately protect personal data, leading to an increased risk of “identity theft, extortion and financial crime”. When MedLabs pathology was hacked in February 2022, 223,000 Australians had their personal information exposed on the darknet, including credit card details and passport…
It took an HHS complaint, but three years later, some Ventura Orthopedic patients are finally being notified of a ransomware attack
In August 2020, DataBreaches reported that the Maze ransomware gang had added Ventura Orthopedics to their name-and-shame leak site. At the time, Ventura did not respond to inquiries about whether they would confirm or deny the claims. And they did not respond to other inquiries from DataBreaches when the Conti ransomware gang subsequently listed 1,850…
Jeffco Public Schools hit by the same threat actors that hit Clark County School District — and via the same way
How many school districts have to get massively hacked by the same method before the U.S. Department of Education, CISA, and states start really pressuring public school districts to address well-known vulnerabilities that are being exploited? Maybe that shouldn’t be a rhetorical question. Last night, DataBreaches was contacted by the same threat actors who claimed…
AU: ‘Curious’ pharmacist spied on patient records at The Alfred
Lachlan Abbott reports: About 7000 Alfred Health patients are victims of a privacy breach after a pharmacist working at Victoria’s leading trauma hospital accessed personal medical records without authorisation. Alfred Health wrote to every patient affected in a letter sent on Monday, seen by The Age, which said the pharmacist was dismissed after an investigation, launched…