Sarah Sinclair reports: A UK medical cannabis clinic is carrying out investigations after a substantial amount of patients’ information was leaked in a major data breach. In an email sent to patients on Monday 18 August, CB1 Medical confirmed it had identified a ‘data security incident’ when patients’ personal details, including prescription information, were found…
Orange Belgium S A informs its customers about a cyberattack
Statement from Orange Belgium S.A. on August 20 2025: At the end of July, Orange Belgium detected a cyberattack on one of its IT systems, resulting in unauthorised access to certain data from 850,000 customer accounts. No critical data was compromised: no passwords, email addresses, bank or financial details were hacked. However, the hacker gained…
Two agencies in one state investigated and fined Healthplex. Was that one too many?
DataBreaches is generally a great fan of state attorneys general taking enforcement action stemming from data breaches where the security was really subpar or the entity did not notify those affected in a reasonable amount of time. But two enforcement actions in New York have me wondering if the state has been a bit unfair…
When a deal is not a done deal: Nova demands higher payment from Clinical Diagnostics (1)
Last week, it appeared that Clinical Diagnostics (“Eurofins”) had paid a gang’s demands not to leak patient data that Nova had exfiltrated during a ransomware attack in July. Clinical Diagnostics in the Netheralands held patient data on 485,000 Dutch women in a cervical cancer screening program. Nova confirmed the payment to a Dutch news outlet….
HHS OCR Settles HIPAA Ransomware Security Rule Investigation with BST & Co. CPAs, LLP
In February 2020, DataBreaches reported that patients of Community Care Physicians in New York may have had their protected health information, date of birth, and insurance coverage exposed as a result of a ransomware attack by Maze Team at the Albany-based accounting firm BST & Co. CPAs. The incident was reported at the time to…
Microsoft’s Nuance coughs up $8.5M to rid itself of MOVEit breach suit
Carly Page reports: Microsoft-owned talk-to-text outfit Nuance has agreed to cough up $8.5 million to settle a class action lawsuit over the sprawling MOVEit Transfer mega-breach – although it admits no liability. The proposed deal [PDF], filed in a Massachusetts federal court last week, would draw a line under litigation brought by individuals who claimed that the company failed…