On August 4, Practice Resources, LLC notified the California Attorney General’s Office that it had been the victim of a ransomware attack on April 12. They also notified HHS that 942,138 patients were affected by the breach (see below). The New York firm is a business associate that provides a variety of health management services,…
Atlantic Dialysis Management Services notifies patients of data security incident
On August 5, Atlantic Dialysis Management Services (ADMS) in New York issued a press release that no longer appears to be available on any of the sites that published it — with one exception. ADMS also posted a security incident notice on its website. Their website notice reads, in part: On June 9, 2022, Atlantic…
Chile: Empresa Nacional Del Petroleo spared from financial losses in BEC attack by alert bank
ENAP (Empresa Nacional Del Petroleo), is a Chilean state-owned company engaged in the exploitation, production, refining, and marketing of oil and its derivatives. It reports administratively to the Ministry of Energy. As Nicolas Parra Tapia and Felipe Diaz Montero recently reported, well-known Nigerian cybercriminals had targeted ENAP in a wire transfer scheme. It was only…
Florida Orthopaedic Institute settles lawsuit after 2020 ransomware incident
Top Class Actions reports that Florida Orthopaedic Institute, ooerated by the Musculoskeletal Institute, has agreed to pay $4 million to settle claims stemming from a 2020 ransomware attack. The incident was first disclosed in June 2020, and then reported to HHS on July 1 as affecting 640,000 patients. There is no notation in HHS’s public…
Digital Ocean dumps Mailchimp after attack leaked customer email addresses
Simon Sharwood reports: Junior cloud Digital Ocean has revealed that some of its clients’ email addresses were exposed to attackers, thanks to an attack on email marketing service Mailchimp. This story starts last week when some of the blockheads in crypto-land noticed that email marketing service Mailchimp had suspended service for some of their fellow…
U.K.: South Staffordshire Water says it was target of cyber attack as criminals bungle extortion attempt
It is not unheard of for ransomware groups to publicly misidentify their victims. We saw such errors from the outset of groups publicly naming and shaming victims and leaking data. DataBreaches reported on a few such cases involving Maze and has reported on other misidentifications in other groups since then. DataBreaches has occasionally contacted threat…