Chinese Law Enforcement and Intelligence Services Leveraged China’s Reckless and Indiscriminate Hacker-for-Hire Ecosystem, Including the ‘APT 27’ Group, to Suppress Free Speech and Dissent Globally and to Steal Data from Numerous Organizations Worldwide Note: View the indictments in U.S. v. Wu Haibo et al., U.S. v. Yin Kecheng, U.S. v. Zhou Shuai et al. here. The Justice Department, FBI, Naval…
NHS investigates API flaw that exposed patient data
Teiss reports: The National Health Service (NHS) is investigating claims that an application programming interface (API) vulnerability at private healthcare provider Medefer left patient data exposed. The issue, initially raised by an IT whistleblower, has prompted scrutiny from the NHS, which has stated it will take further action if necessary. Medefer, a virtual healthcare provider…
Whitman Hospital & Medical Clinics In Colfax Suffers Cyber Attack
Naomi Diaz reports: Colfax,Wash.-based Whitman Hospital and Medical Clinics’ internal electronic systems are down following a cyberattack. “If you have an appointment at the hospital or any of our clinics on Wednesday, March 5, 2025, please understand there may be delays, however, we remain open and here to care for you,” the hospital wrote in a March…
Supreme Court declines to weigh in on FQHC’s patient data security liability
Dave Muoio reports: The Supreme Court has declined to hear a case on whether a Federally Qualified Health Center is immune from liability over a former patient’s stolen personally identifying information (PII). The class-action lawsuit stemmed from a patient who received care and provided that information to Sandhills Medical Foundation, an FQHC, in 2018. The…
HCRG Care’s lawyers claimed an injunction issued in a “private” hearing required us to remove two posts. We didn’t comply.
Occasionally, entities in other countries try to take legal action against DataBreaches.net to chill or censor this site’s reporting on their breaches. None of them have prevailed, in part due to the protections we have here under the First Amendment, and in part to the pro bono legal defense afforded to this site. This is…
Rite Aid Agrees to $6.8M Settlement Over Data Breach Lawsuit
Rihem Akkouche reports: In a dramatic legal turn, Rite Aid has consented to a $6.8 million settlement to resolve class action allegations that it failed to prevent a cyberattack compromising the sensitive information of over 2 million customers. The settlement, preliminarily approved by U.S. District Judge Harvey Bartle III on Tuesday, allows claimants to receive up to…