Skip to main content

Cybersecurity Update

- Legacy Community Health Services, headquartered in Houston, TX, is notifying 19,000 patients that their PHI was exposed after email phishing attack.

- UnityPoint Health, headquartered in West Des Moines, Iowa, announced it agreed to pay $2.8 million to settle a class action lawsuit regarding a recent breach that exposed PHI of 1.4 million patients.

- Bleeping Computer magazine is reporting that a hacker group has posted the databases from 14 different companies and posted them for sales on the Dark Web.

- The State of Texas Court System and the Texas Department of Transportation both notified an unknown number of citizens that their info may have been exposed after being hit by Ransom X ransomware.

- Iowa Total Care notified 11,581 patients that their PHI was exposed after an email emailed the info without authorization.

- UF Health (University of Florida Health of Gainesville and Jacksonville) notified 54,002 patients that their PHI was exposed after email phishing attack.

- UCSF Health (University of California – San Francisco) announced that it paid $1.14 million to a hacker to reclaim control of network after being hit by ransomware. Unknown how many patients had their PHI at risk.

- Urban Choice Charter School of Rochester, NY notified an unknown number of students that their info was exposed after being illegally accessed by a former employee.

- OneClass, a national eLearning platform, notified over 1 million students that their info may have been exposed after accidentally made available on Internet to public.

- The Maine State Police notified an unknown number of citizens that their info may have been exposed after data breach of its Maine Information and Analysis Center website.

- North Shore Pain Management, headquartered in Beverly, Massachusetts, notified 12,472 patients that their PHI was stolen after ransomware attack.

- US Cyber Command is warning that foreign state-sponsored hacking groups will try to exploit new security bug found in PAN-OS, the operating system running on firewalls and enterprise VPN appliances from Palo Alto Networks.

- Federal Trade Commission is warning users of TikTok app that its use of HTTP to move sensitive data across the Internet is allowing videos and other content to be tracked and altered.

- IOActive Security is warning that hackers are now trying to inject code into bar code scanners, in attempt to gain access to networks.

- Lucy Security is reporting that SQL databases from 945 websites have been stolen and are now for sale on the Dark Web.

- Sergey Medvedev (aka Stells, Segmed, Serjbear), originally from Russia, pleaded guilty in a U.S. court for his role in an international cyber theft ring (aka Infraud, Obnon, Rector, Helkern), causing loss of $568 million from various organizations.

- Symantec Corp. is reporting that 31 large organizations (including those on Fortune 500 list) have been hit by WastedLocker ransomware.

- ZDNet magazine published results of research that shows that one out of every 142 passwords is the classic "123456" string.

- Bleeping Computer magazine published article that researchers have discovered a new Mac malware that encrypts files on compromised systems like a piece of ransomware, but also allows its operators to steal data and take full control of an infected device.

o Initially named EvilQuest, the malware was later renamed ThiefQuest to avoid confusion as EvilQuest is the name of a video game

- ZDNet is reporting that a hacker uploaded ransom notes on 22,900 MongoDB databases left exposed online, which is 47% of all MongoDB databases online.

If you like something I've posted please feel free to click the "like" button!

Original Post

Add Reply

Link copied to your clipboard.