iconBrandon Vigliarolo reports: Barring a last-minute deal, the US federal government would shut down on Wednesday, October 1, and the 2015 Cybersecurity Information Sharing Act would lapse at the same time, threatening what many consider a critical plank of US cybersecurity policy. The CISA Act of 2015 (not to be confused with the CISA Act…
Archer Health was leaking protected health information. Criminals appear to have found it. (2)
From our “No Need to Hack When It’s Leaking” files, a report involving Archer Health, an in-home healthcare provider. Website Planet recently reported a misconfigured bucket that was found by researcher Jeremiah Fowler. The unencrypted and non-password-protected database reportedly contained approximately 145k files (totaling 23 GB). “In a limited sampling of the exposed files, I…
Columbia University Irving Medical Center pays $600K in data breach lawsuit settlement
In May 2024, DataBreaches logged an incident on our worksheets that involved the Columbia University Irving Medical Center in New York. The incident had been reported to HHS as affecting 29,629 patients whose name, medical record number, date of birth, provider name, and laboratory test result had been exposed between Sept. 11, 2023, and March…
Teens arrested by Dutch police reportedly suspected of spying for Russia
How much money enticed these teens to do something that may have just wrecked their future? Did they see it as just quick and easy money and no big deal? Alexander Martin reports: Two teenagers have been arrested in the Netherlands on suspicion of espionage, reportedly on behalf of pro-Russian hackers. The boys, both aged…
ApolloMD notifies patients of 11 physician practices affected by a June cyberattack
On June 12, 2025, Qilin added ApolloMD to their darkweb leak site with a date of June 6. They claimed to have 238 GB of files. ApolloMD, headquartered in Georgia, is a business associate to hospitals and health systems, providing them with services to enhance clinical operations and patient care, and to optimize financial performance….
‘No Harm, No Foul:’ Courts Take Tougher Line on Data-Breach Suits
Angus Loten reports: A deluge of data-breach lawsuits has a growing number of U.S. judges insisting victims show exactly how their leaked personal data caused “tangible harm,” a high bar that is getting more cases tossed out of court. Judges are also requiring plaintiffs to trace any damages back to a particular breach—a tougher condition…