- Hanger Prosthetics & Orthotics, Inc. of Kirksville, Missouri notified 6,033 patients that their PHI was exposed after two boxes of paper medical records were found in a storage facility.
- Domestic violence app supported by Dr. Phil suffers data breach
o Aspire News, an app designed to assist domestic violence victims, has suffered a data breach with recordings from victims found on unsecured cloud storage.
o The exposed data included more than 4,000 voice recordings along with victim details, home addresses, the nature of their emergency and their location when making the report.
o The app was designed by When Georgia Smiled, a nonprofit founded by TV personalities Robin McGraw and Dr. Phil.
- Gateway Health of Pennsylvania notified an unknown number of patients that their PHI was exposed after an email phishing attack.
- Sunrise Treatment Center of Cincinnati, Ohio notified 3,660 patients that their PHI was exposed after an email phishing attack.
- Hundreds of thousands of sensitive files from hundreds of police departments across the country have been exposed after being stolen by Distributed Denial of Secrets (DDoSecrets) and posted on a “BlueLeaks” site.
- Mid-Michigan College notified 16,000 students that their info may have been exposed after an email phishing attack.
- San Francisco Employees’ Retirement System is being sued after personal data for customers was exposed in a security breach.
- Deloitte Consulting is being sued as a result of a breach that exposed info of people who applied for Pandemic Unemployment Assistance in the state of Ohio.
- ConnectWise, headquartered in Tampa, FL, notified dealer resellers across the country who partner with the managed IT firm that it was hit by ransomware.
- Tallapoosa County Government of Alabama notified an unknown number of citizens that their info may have been exposed after a ransomware attack.
- American Medical Technologies of Irvine, CA notified 47,767 patients that their PHI was exposed during a recent cybersecurity incident.
- Microsoft announced it is acquiring CyberX Security to add IoT (Internet of Things) security products to its offering.
- SecurityWeek magazine is reporting that a hacker named “Fxmsp” has started selling access to 135 different companies on the Dark Web.
- CHI St. Luke’s Health Memorial Lufkin Medical Center of Texas notified an unknown number of patients that their PHI was exposed after an email phishing incident.
- DeKalb Medical Center of Atlanta, GA reports that its former Director of Security, Russell Richardson, pled guilty to using hospital funds to acquire guns, which he then sold for profit.
- Florida Orthopaedic Institute notified an unknown number of patients that their PHI was exposed during a recent breach.
- Frost & Sullivan Consulting Inc. of Mountain View, CA notified an unknown number of customers that their info was stolen and is now for sale on the Dark Web.
- ZDNet magazine is reporting that a hacking group named “The Evil Corp” aka “Dridex Gang” is now attacking organizations in the U.S. with the “WastedLocker” ransomware.
- Symantec is warning the healthcare vertical that hackers using Sodinokibi/REvil malware are now targeting it, looking for PoS (point of sale) software or hardware to steal patient payment information.
- Landmark Hospital of Athens, GA announced it has suspended 3 employees who are suspected of illegally accessing and stealing PHI.
- Kroger Corp., which owns hundreds of grocery stores across the U.S., notified 10,974 customers that their personal info was exposed after its Home Chef home delivery app was hacked.
- Choice Health Management Services of North Carolina notified an unknown number of patients that their PHI was exposed after an email phishing attack.
- Clay County Health Center of Liberty, MO notified an unknown number of patients that their PHI was exposed after it had an issue with its COVID-19 dashboard.
- GRIMM Security reports that 79 different models of Netgear routers have a security vulnerability that does not yet have a patch.
- Armorblox Security is warning customers of Wells Fargo and Bank of America that attackers are targeting them with new forms of email phishing scams.
- Audit Analytics published the results of research:
o Average total cost of a breach at a public company is $116 million
o 34% of the time malware is used to steal information
o 43% of the companies that suffered a breach kept the type of attack to themselves
- ESET Security warned the healthcare industry of the CryCryptor ransomware that can infect COVID-19 Tracing Apps on Android devices.
- US Department of Homeland Security is warning of a new strain of ransomware named “Nefilim” that is attacking companies that use Citrix remote access technology.
- Obinwanne Okeke of Nigeria pleaded guilty to stealing $11 million from Caterpillar Corp. using email phishing attacks.
- Microsoft is warning customers that use Exchange email servers to update their security, as it has detected a massive spike in hacking attempts.
- Akamai Security reported that it just mitigated the largest-ever packet-per-second DDoS (distributed denial of service) attack ever recorded.
- A recent report from Kaspersky Lab outlines how hackers are using Google Analytics to steal credit cards, passwords, IP addresses, and more from unknowing users.
- Black Hat published the results of a survey of IT security professionals:
o 94% = believe pandemic has increased cyberthreats
  o 24% = believe threats are critical and imminent
o 57% = chief concern is remote access systems for remote home workers
o 51% = increased email phishing and social engineering threats
o 87% = believe a successful cyberattack on US infrastructure will occur in next 2 years
  o 16% = believe we are prepared for attack
o 70% = will have to respond to major security breach in their own company in coming year
o 59% = said they do not have adequate staff to handle threats
o 53% = complain of burnout
- Hiscox Insurance published the results of a survey:
o $57,000 average business loss per cybersecurity incident
o Up from $10,000 last year
o Total of $1.8 billion in losses, up from $1.2 billion
o 39% increase in cybersecurity solution investment