- TV celebrity Scott Disick, father of 3 children with Kourtney Kardashian, has filed a lawsuit against All Points Lodge Rehab in Edwards, Colorado for a HIPAA breach.
o He reportedly had recently checked himself into the facility for substance abuse, and apparently an employee at the facility may have sold this story to tabloid publications.
- Ann and Robert Lurie Children’s Hospital of Chicago, IL notified 4,824 patients that their PHI was illegally accessed by a former employee.
- Vanessa Bryant has filed lawsuit against Los Angeles County Sheriff’s department for allowing officers to take and share photos of helicopter crash scene involving her husband (Kobe Bryant) and daughter.
- Dark Reading survey results on endpoint security:
o 51% = some devices are running non-supported end-of-life software code
o 46% = expect to spend more on security solutions
o 80% = ransomware is driving them to invest more
o 71% = identify email phishing as biggest concern
o 47% = daily issue with downloading malware
o 40% = have deployed endpoint detection tool
o 63% = identify printers and MFPs as endpoints that may be unsecure
- GoDaddy Inc., headquartered in Scottsdale, AZ, notified an unknown number of customers that their info may have been exposed after hacking incident.
- Fresenius Health, which operates 2500 healthcare facilities in the U.S., and is headquartered in Germany, notified an unknown number of patients that their PHI may have been exposed after ransomware attack.
- BJC Healthcare of St. Louis, MO notified an unknown number of patients that their PHI was exposed after email phishing attack.
- Saint Francis Healthcare Partners of Hartford, CT notified 38,529 patients that their PHI was exposed after email phishing attack.
- The U.S. Cybersecurity and Infrastructure Security Agency published an alert warning that hackers from Russia, China and Iran are targeting healthcare workers and medical researchers in the U.S.
- Europol arrested 5 hackers in Poland who were allegedly running the Infinity Black hacker group, which markets stolen information on the Dark Web.
- FBI issued a warning that hackers are now using email phishing campaigns with subject lines referencing the Federal Reserve and SBA business loan programs.
- Intezer Labs reports that new malware, designed in China, named Kaiji, is being used by hackers to target IoT (Internet of Things) devices using SSH (secure socket shell) brute-force attacks. (IoT devices could include printers and MFPs)
- Ransomware causes an average of 15 days of EHR downtime in healthcare according to new report from Coveware
o Average ransom paid is now $112,000
- Security solutions in place today generate on average an alert for only 9% of all attacks on company networks, according to report from Mandiant
o 26% of attacks are eventually detected
o 33% of attacks are prevented
o 53% are missed entirely
- York University of Canada is notifying an unknown number of students and staff that their info may have been exposed after an “extremely serious” cyberattack.
- Dakota Carrier Network of North Dakota notified an unknown number of its broadband customers that their info may have been exposed after a ransomware attack.
- 190 law firms in the United States may have to notify their clients that their info may have been exposed after a breach at Advanced Computer Software, which the law firms use to store files in their database.
- PeroxyChem of Philadelphia, PA notified an unknown number of customers that their info was exposed after a breach.
- Santa Monica-Malibu Unified School District of California notified an unknown number of students that their info was exposed after an email phishing attack.
- Nashville Plastic Surgery Institute, dba Maxwell Aesthetics of Tennessee, notified an unknown number of patients that their PHI was exposed after ransomware attack.
- Dr. Kristen Tarbet Plastic Surgery of Bellevue, WA notified an unknown number of patients that their PHI was exposed after ransomware attack.
- LineageOS announced that hackers gained access to the core infrastructure of its operating system, which is based on Android OS, and is used by smartphone, tablets, and set-top cable TV boxes.
o Could allow hackers to bypass login procedures and run code to mine for valuable data
- Wordfence Cybersecurity reported that a hacker group attempted to hijack 900,000 WordPress websites.
o Hackers launched more than 20 million exploitation attempts against 500,000 domains.
- AFP (Association for Financial Professionals) reports that 80% of surveyed businesses were targeted by a BEC (business email compromise) scam, up 77% from 2019.
o 54% admit to being financially impacted
- Tesla was notified that eBay is selling used Tesla auto console units, which include personal info from former customers.
- SAP is notifying 9% of 440,000 customers about security holes in its cloud based products.
- Toll Group, a worldwide logistics firm, headquartered in Australia, is notifying an unknown number of customers that their info may have been exposed after ransomware attack.
- Roblox Gaming announced one of its former workers accepted a bribe from a hacker allowing them to access info on 100 million users of its video game.
- Samsung released another security update to fix a new flaw in all of its Android-based phones sold since 2014.
- Microsoft is claiming that there are 150 million users who do not use password to logon.
- Danielle Wolfe, a former nurse, has filed a whistleblower lawsuit against McCracken County Jail in Kentucky, claiming she was fired after exposing HIPAA violations.
- Chief Security Officer magazine reports that:
o Average cost to a business per record lost is $233
o Hackers can acquire malware for as little as $45
o Tutorials to learn how to use malware = $5
o $28,000 is cost of cell tower simulator kit to intercept smartphone call data
o Total email phishing campaign kit including hosting = $500 per month on average
o Malware kit with hosting and distribution = $723 average cost
o Ransomware campaign = $1000 on average
o $25,000 is average return to hacker for low end cyber attack
Original Post