In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October for organizations covered under the HIPAA Rules on Recognized Security Practices. Recommended security practices can help organizations improve their ability to safeguard patient information from cyberattacks and better safeguard the health care services we all rely upon. Section 13412 of…
Healthcare provider to incarcerated people discloses breach by data security incident by claims processor
Mediko, Inc. has issued a press release concerning an unintended exposure of protected health information by their third-party claims processor, CorrectCare. According to their notice, on July 6, CorrectCare discovered that two file directories on their server had been misconfigured and were exposing files to the public. The investigation subsequently determined that the exposure occurred…
Hackers selling access to 576 corporate networks for $4 million
Bill Toulas reports: A new report shows that hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000, fueling attacks on the enterprise. The research comes from Israeli cyber-intelligence firm KELA which published its Q3 2022 ransomware report, reflecting stable activity in the sector of initial access sales…
Twitter’s verification chaos is now a cybersecurity problem
Zack Whittaker reports: Cybercriminals are already capitalizing on Twitter’s ongoing verification chaos by sending phishing emails designed to steal the passwords of unwitting users. The phishing email campaign, seen by TechCrunch, attempts to lure Twitter users into posting their username and password on an attacker’s website disguised as a Twitter help form. Read more at TechCrunch.
FTC Brings Action Against Ed Tech Provider Chegg for Careless Security that Exposed Personal Data of Millions of Customers
The Federal Trade Commission is taking action against education technology provider Chegg Inc. for its lax data security practices that exposed sensitive information about millions of its customers and employees, including Social Security numbers, email addresses and passwords. Chegg allegedly failed to fix problems with its data security despite experiencing four security breaches since 2017….
Employees Report Boss’ Email as Scam After Being Forced to Watch 2-Hour Seminar on Phishing Scams
From Cheezburger: The only thing worse than getting your massive pile of work interrupted by one of those company-wide hours-long mandatory seminars is having to do the seminar twice. After completing one such seminar about how to spot an email phishing scam, one employee received an email from their “IT director” that included a link, which…