More than two months after Fortra first began notifying clients that threat actors had exploited a vulnerability in GoAnywhere, many patients whose protected health information was stolen may still have no clue. In Part 1, we noted six entities that have disclosed the breach. Five of them are listed on Clop’s leak site with their…
Campbellford Memorial Hospital employee makes ‘unauthorized’ access to 3,500 patient records
Greg Davis reports: Campbellford Memorial Hospital says an employee has apologized for making “unauthorized” access to more than 3,500 patients records. Global News Peterborough has obtained a copy of one of the 3,500 letters sent to patients last week outlining a privacy breach at the hospital in the Municipality of Trent Hills. In the letter, hospital chief privacy…
The Fortra/GoAnywhere breach also affected healthcare entities. Here’s what we know so far. (3)
More than two months after Fortra first began notifying clients that threat actors had exploited a vulnerability in GoAnywhere, many patients whose protected health information was stolen may still have no clue. In Part 1, we note entities that have already disclosed the breach. In Part 2, we will note those entities that do not…
Illuminate Education Beats Lawsuit Over Breach of Student Data
Christopher Brown reports: Illuminate Education Inc. defeated a proposed class action alleging it negligently failed to protect the information of more than 3 million elementary and high school students that was exposed in a late-December 2021 data breach. The plaintiffs failed to show that they had suffered concrete harm from the breach or were at…
D.C. Health Exchange Needs Broker Identity Theft Posse
Allison Bell reports: The builders of the Affordable Care Act health insurance exchange system once wondered whether agents and brokers would have a role in the health insurance market. Now, the managers of the ACA public exchange for the District of Columbia are turning to brokers to help persuade more users to protect themselves against the effects of…
3CX Breach Was a Double Supply Chain Compromise
Brian Krebs reports: In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. 3CX says it has more than 600,000 customers and 12 million users in a broad range of industries,…