Aanchal Nigam reports: Iran’s railroad service became a victim of a cyberattack on July 9 with hackers posting fake delay messages or cancellations on display boards at stations across the country. A semi-official news agency in Iran reported that the hackers had sent messages such as “long delayed because of cyberattack” or “cancelled” on the…
Forefront Dermatology notifying patients and employees about ransomware incident
Update November 17, 2022: Forefront has reportedly settled a class action lawsuit for $3.75 million. Update: July 12, 2021: Post-publication, DataBreaches.net learned that external counsel for Forefront Management, LLC and Forefront Dermatology, S.C. reported the incident to the Maine Attorney General’s Office as impacting 4,431 patients. On July 14, however, this incident was added to…
Kroger reaches $5M settlement with Accellion breach victims, as Supreme Court defines ‘actual harm’
Jessica Davis reports: Kroger reached a $5 million lawsuit settlement with individuals impacted by a breach reported in February. The settlement was the third legal action tied to a health care data breach this week, shedding light on the rise in breach-related lawsuit trends in the sector in the last few years. Read more on…
Ca: Horizon employee fired after ‘significant privacy breach’ at Charlotte County Hospital
Bobbi-Jean MacKinnon reports: A Horizon Health Network employee has been fired after they “inappropriately accessed” the personal health information of 1,251 people at Charlotte County Hospital in St. Stephen, N.B., allegedly “out of curiosity.” In a statement, Horizon’s vice-president of quality and patient-centred care, Margaret Melanson, describes the situation as a “significant privacy breach.” Read…
New York Department of Financial Services Announces a $1.8 Million Settlement with Two Life Insurers for Data Breach Violations
Zachary Dyer, Steven Imber, Justin Liby, and Jennifer Osborn Nix of Polsinelli write: The New York Department of Financial Services (“NYDFS”) recently announced that it has entered into a Consent Order with two affiliated life insurers for alleged violations of New York’s Cybersecurity Regulation (the “NY Cybersecurity Regulation”). The NYDFS conducted an investigation and determined…
Insurance giant CNA reports data breach after ransomware attack
Sergiu Gatlan reports: CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. […] “The investigation revealed that the threat actor accessed certain CNA systems at various times from March 5, 2021 to March 21, 2021,” CNA said…