Release Date: May 16, 2023 Alert Code: AA23-136A Summary Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs)…
HHS Office for Civil Rights Settles HIPAA Investigation with Arkansas Business Associate MedEvolve Following Unlawful Disclosure of Protected Health Information on an Unsecured Server for $350,000
As background: this case began with someone finding an unsecured FTP server owned by MedEvolve. He reported it to DataBreaches. This site first reported on the leak in 2018. This site also reported when MedEvolve issued a statement months later, and again two years later when HHS got them to notify patients. Today, the U.S….
New York audit: School districts unprepared for cyber attacks
Kathleen Moore reports: Student data, including names, birth dates and addresses, are not always kept secure by school districts or the state Education Department, the state Comptroller’s Office found in an audit issued Tuesday. The Education Department “has not taken the fundamental steps or improved the technical controls needed to secure its own critical systems,” the…
Patients concerned after local allergy clinic closes its doors because of alleged data breach
KOCO reports: A local asthma and allergy clinic has closed its doors because of an alleged security data breach. Patients are now concerned that their medical records may have been compromised. Several patients have told KOCO that they are in need of asthma medication from the Oklahoma Institute of Allergy Asthma and Immunology but have…
Skynet Market founder pleads guilty to conspiracy to sell stolen financial info on the dark web
An Illinois man pleaded guilty yesterday to leading a conspiracy to sell stolen financial information on the dark web, aka darknet. According to court documents, Michael D. Mihalo, aka Dale Michael Mihalo Jr., 40, of Naperville, was the founder of a darknet “carding” site called Skynet Market, which was used to sell stolen financial information…
Franklin County Public Schools hit by ransomware attack
Holly Kozelsky reports: Franklin County Public Schools were closed Monday following a ransomware attack that is still impacting the school division. According to a statement from Franklin County Public Schools Superintendent Bernice Cobbs, the decision was made to cancel classes Monday in the interest of on-campus security as the impact of the cyberattack was being…