- The average ransom payment to ransomware operators is now $220,298, up 43% YoY, according to Coveware Security
- Reverb Inc. headquartered in Chicago, IL, notified an unknown number of users for its musical instrument marketplace website that their info may have been exposed during recent data breach.
- Sapphire Community Health of Hamilton, MT notified 4,000 patients that their PHI was stolen during recent ransomware attack.
- Centennial School District of Portland, Oregon notified 6,100 students that their info may have been exposed after ransomware attack.
- HME Specialists, headquartered in Albuquerque, New Mexico, notified 153,000 patients that their PHI was exposed after email phishing attack.
- Doctors Medical Center of Modesto, CA notified an unknown number of patients that their PHI was accidentally posted online for past year.
- The FBI published a warning that Russian hackers, APT 29, Dukes and CozyBear have ramped up activity attempting to target large organizations in the U.S. to steal intelligence.
- Indiana University Health CISO Mitch Parker stated that the 3 major security gaps not being addressed by healthcare executives are:
- Supply Chain
- Organizational Integration
- Physical Security
- The Metropolitan Police in Washington D.C. notified an unknown number of citizens that the Babuk hacking group stole 250GB of data.
- Peak Vista Community Health Centers of Colorado notified an unknown number of patients that their PHI was stolen during recent burglary.
- The hacking group, Qlockers, claims that they were able to collect $260,000 in ransom in 5 days by attacking vulnerable organizations.
- Radixx, a division of Sabre Corp. in Southlake, Texas, was hit by malware, which impacted 20 airlines that uses its software to ticket reservations.
- PCS Revenue Control Systems Inc., headquartered in Englewood, Colorado, notified 867,209 students in Alabama, Florida, Georgia and Texas that their info was exposed after its student nutrition database was hacked.
- VEP Healthcare of Concord, CA notified an unknown number of patients that their PHI was exposed after email phishing attack.
- Gyrodata Corp. of Houston, TX notified an unknown number of customers of its oilfield services that their info was exposed after cyberattack.
- Maine Department of Health & Human Services notified an unknown number of mental health patients that their info was exposed after it was accidentally posted on public website.
- Wyoming Department of Health notified 164,021 patients that their PHI was exposed after it was accidentally posted on public website.
- Experian announced it fixed a problem that accidentally allowed anyone to look up the credit score of “tens of millions” of Americans.
- Osborn Cancer Center of Chehalis, WA notified an unknown number of patients that their PHI may have been exposed after ransomware attack from Avaddon hacking group.
- Proofpoint, a security solution firm headquartered in Sunnyvale, CA, announced it was acquired Thoma Bravo for $12.3 billion
- Thoma Bravo also owns Kofax and Hyland
- The FBI handed over 4.3 million email addresses that were harvested by the Emotet botnet.
- Cisco announced it released patches to fix security vulnerabilities for its Firepower Threat Defense software used in its firewall solutions
- Data Breach Today News reports on ransomware:
- 80% of all ransoms paid went to 199 addresses
- 21 days = average downtime after ransomware attack
- 287 days = average amount of time to fully recover from ransomware attack
- $350 million = total ransoms paid in 2020
- $312,413 = average ransom paid
- Google is being sued by people who had their PHI exposed after using the GAEN corona virus tracing tool, which apparently exposed PHI of millions of users.
- Thrifty White Pharmacy, headquartered in Plymouth, MN, notified an unknown number of patients that their PHI was exposed after a cybersecurity incidient:
- operations in six states, Montana, North Dakota, South Dakota, Minnesota, Wisconsin, and Iowa
- The State of Pennsylvania is notifying 72,000 patients that their PHI was exposed after a third party vendor, Insight Global of Atlanta, Georgia, which manages the corona virus contact tracing database suffered a breach.
- AmeriFirst Financial, Inc., headquartered in Kalamazoo, MI, notified an unknown number of customers that their info was exposed after cyber attack.
- Einstein Healthcare Network, headquartered in Philadelphia, PA, is facing a class action lawsuit over an August 2020 phishing attack that resulted in multiple employee email accounts being accessed by an unauthorized individual that exposed PHI of 353,616 patients.
- River Springs Health of Bronx, NY notified 31,000 patients that their PHI was exposed after email phishing attack.
- Health Center Partners of Southern California in San Diego, CA, notified an unknown number of patients that their PHI was exposed after ransomware attack.
- The Transportation Research Board, headquartered in Washington D.C., notified an unknown number of members that their info was exposed after a database, managed by J. Spargo & Associates of Fairfax, VA was hacked.