Kevin Collier reports: The U.S. government said Wednesday that North Korea is behind a recent strain of ransomware cyberattacks on hospitals and other health care facilities. The warning is the starkest alert to date that North Korea, which the U.S. has long alleged uses its hackers to raise money for state programs like its nuclear weapons…
VCU Health identifies and addresses a 16-year privacy breach
Soap operas are almost always long-running. Privacy breaches should not be, and 16 years is a very long time for a problem to go undetected. But it appears that’s what happened to the Virginia Commonwealth University Health System (“VCU Health”). Last month, VCU Health disclosed that they had recently learned that beginning as early as…
WI: Southwest Health Center notifies individuals whose protected health information was accessed
Southwest Health Center in Platteville, Wisconsin is a non-profit community health provider. Yesterday they issued a notice about a data security incident they first discovered on January 11 that reportedly impacted certain systems. An investigation determined that an unauthorized party accessed or acquired the personal and protected health information of some current and former employees,…
No need to hack, when it’s leaking, Wednesday edition: WeWork India, Proud Makatizen in Philippines
Two large leaks involving personal information discovered by researchers. First up, Zack Whittaker reports: WeWork India has fixed a security lapse that exposed the personal information and selfies of tens of thousands of people who visited WeWork India’s coworking spaces. Security researcher Sandeep Hodkasia found visitor data spilling from the check-in app on WeWork India’s website, used…
NPM supply-chain attack impacts hundreds of websites and apps
Sergiu Gatlan reports: An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As researchers at supply chain security firm ReversingLabs discovered, the threat actors behind this campaign (known as IconBurst) used typosquatting to infect developers looking for very popular…
Claire’s data breach $350K class action settlement
Top Class Actions reports that there is a settlement in litigation stemming from a data breach involving customer information in a 2020 breach that affected some customers of Claire’s accessories stores. For approximately two months in 2020, malware compromised payments made on the retailer’s website. The case is Julia Rossi, et al v. Claire’s Stores,…