IT Security Incidents
Stay informed about real-world incidents that impact organizations and individuals. Get insights into data breaches, hacking attempts, and distributed denial-of-service (DDoS) attacks, along with expert analysis and recommended countermeasures.
43,000 UT Southwestern Medical Center Patients Impacted by Data Breach
UT Southwestern Medical Center (UTSW) in Texas submitted a breach report to the HHS’ Office for Civil Rights (OCR) involving an email-linked unauthorized access/disclosure incident that affected the protected health information (PHI) of about 43,048 … Read more
Kaye-Smith Pays $2 Million to Resolve Class Action Data Breach Lawsuit
The marketing firm and mailing vendor, Kaye-Smith Enterprises, opted to settle a class action lawsuit associated with a cyberattack and data security breach in 2022. Hackers acquired access to its network, deployed ransomware for file … Read more
GoodRx to Pay $25 Million to Settle Tracking Technology Lawsuit
Telemedicine platform company and drug discounter GoodRx will pay $25 million to settle a consolidated class action lawsuit. When users became aware that GoodRx used website tracking tools on its platform and shared website visitor … Read more
Truepill Pays $7.5 Million To Settle Data Breach Lawsuit
Postmeds Inc., dba Truepill, an online pharmacy, has agreed to negotiate a class action lawsuit it faced due to a 2023 data breach that impacted 2,364,359 people. U.S. District Court Judge Haywood S. Gilliam gave … Read more
UMC Health System Hit by Ransomware Attack
In late September 2024, the UMC Health System in Lubbock, Texas, suffered a ransomware attack that greatly affected its IT infrastructure. The attack forced the health system to divert ambulances and patients to other hospitals … Read more
U.S. Indicts Three Iranians in Trump Campaign Hack
The U.S. Department of Justice recently announced charges against three Iranian operatives accused of hacking into former President Donald Trump’s campaign and leaking confidential documents. The indictment details the hacking operations linked to Iran’s Islamic … Read more
CrowdStrike’s Apology and the Fallout from the Global IT Outage
The prominent cybersecurity company “CrowdStrike”, recently issued a public apology after a widespread IT outage caused by its Falcon Sensor software update brought many systems to a standstill. Affecting an estimated 8.5 million Windows PCs … Read more
Impact of the Ransomware Attack on Ascension’s Financial Recovery
Healthcare system Ascension based in St. Louis, MO encountered a ransomware attack in May 2024 that considerably impacted the company, both operationally and financially. Because of the attack, Ascension diverted ambulances, closed pharmacies, took down … Read more
Disney Phasing Out Slack After Massive Data Breach
In July 2024, The Walt Disney Company faced a cybersecurity breach when over 1TB of sensitive data was stolen from its internal Slack channels. The breach was carried out by the group ‘NullBulge,’ exposing confidential … Read more
High Court Battle Looms for Capita Over Major Data Breach in 2023
Nearly 8,000 individuals are set to join a High Court case against the outsourcing firm ‘Capita’ , following a cyberattack that occurred in March 2023. Barings Law, the Manchester-based legal firm representing the claimants, has … Read more
AI Industry Leaders to Combat Image-Based Sexual Abuse
The U.S. government has received a set of voluntary commitments from AI industry leaders aimed at addressing the issue of image-based sexual abuse, including non-consensual intimate images (NCII) and child sexual abuse material (CSAM). Big … Read more
Change Healthcare Data Breach Latest Update
In February 2024, Change Healthcare suffered a ransomware attack that exposed sensitive personal and medical data. This breach affected millions of Americans, potentially impacting up to one-third of the U.S. population. By mid-July 2024, Change … Read more
Flawed NetSuite Setup Leaves Customer Data Exposed
Thousands of Oracle NetSuite SuiteCommerce sites have been found vulnerable to exposing sensitive customer data due to misconfigured access controls on Custom Record Types (CRTs). This issue emanates from user misconfigurations rather than a flaw … Read more
The Full Breakdown of Delta’s IT Woes
Delta Air Lines is contending with the aftermath of an IT outage that disrupted its operations for several days in July, resulting in thousands of canceled flights and financial losses. The outage, which was caused … Read more
Global Disruption from CrowdStrike Falcon Sensor Update
An incident involving CrowdStrike’s Falcon Sensor software recently led to a global crash of millions of Windows devices. The root cause analysis conducted by CrowdStrike traces the issue back to a problematic content update, pointing … Read more
Alert: Chinese Hackers Exploit Zero-day Vulnerability in Cisco Routers
On July 2, 2024, Cisco issued a critical security alert regarding a major vulnerability in its routers exploited by Chinese hackers. The vulnerability, CVE-2023-20109, affects Cisco NX-OS software, allowing attackers to execute arbitrary commands with … Read more
Cyber espionage groups targeting critical infrastructure: The rise of ransomware attacks
A joint report from analysts at SentinelLabs and Recorded Future has studied two distinct activity clusters targeting government sectors and critical infrastructure globally between 2021 and 2023. The report reveals a worrying trend: actors in … Read more
Kaspersky antivirus banned in the United States
On June 20, 2024, the United States announced its decision to ban the use of Kaspersky antivirus software, a well-known Russian cybersecurity product. The ban applies to all Americans, both at home and abroad, due … Read more
Critical Vulnerabilities Found in Baxter Welch Allyn Products
On May 30, 2024, CISA publicized ICS Medical Alerts for Baxter products and medical devices. Baxter identified two critical vulnerabilities in its Welch Allyn products, namely the Welch Allyn Connex Spot Monitor and the Welch … Read more
A Misguided Cyber Operation: The French Mill Incident
A report recently published by Mandiant discloses that the Russian hackers group Sandworm mistakenly targeted a small mill in France, believing it was a hydroelectric dam. This erroneous attack was part of a broader campaign … Read more
Med-Data Settles Data Breach Legal Case Through $7 Million Agreement
Med-Data Inc., a revenue cycle management services provider based in Spring, TX, has reached a $7 million settlement to address all claims arising from a data breach spanning from 2018 to 2019, affecting around 136,000 … Read more
Green Ridge Behavioral Health Faces OCR HIPAA Action After Ransomware Attack
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced the settlement of a ransomware investigation involving Green Ridge Behavioral Health, LLC, a Maryland-based psychiatric practice, highlighting the growing … Read more
BlackCat Ransomware Group Behind Change Healthcare Cyberattack
Change Healthcare, a leading provider of healthcare billing and data systems, finds itself grappling with a severe cybersecurity crisis following the detection of a malicious cyberattack on February 21, 2024. This attack, attributed to the … Read more
Cyberattack Exploiting ConnectWise Vulnerability Impacts Change Healthcare
The cyber attack exploiting a vulnerability in ConnectWise ScreenConnect software has led to significant disruptions at UnitedHealth’s Change Healthcare, impacting services across the United States. This incident has revealed critical vulnerabilities, affecting not just Change … Read more
Integris Health Reports 2.39 Million People Impacted by Cyberattack
Integris Health has finished the analysis of the files that were viewed/stolen as a result of a cyberattack in November 2023. It has submitted the breach report to the Department of Health and Human Services … Read more
$4.75 Million HIPAA Penalty on Montefiore Medical Center Due to Malicious Insider Incident
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reported the first financial penalty issued in 2024 to settle alleged HIPAA violations. Montefiore Medical Center has consented to pay a $4.75 … Read more
Massive Data Breach Hits French Healthcare: Over 33 Million Affected
In what is being described as France’s largest ever cyberattack, the personal information of over 33 million individuals has been compromised. This breach targeted two French service providers, Viamedis and Almerys, responsible for processing healthcare … Read more
Data Breach Reports by Columbus Regional Healthcare System, Senior PsychCare, and Aria Care Partners
133K Record Data Breach at Columbus Regional Healthcare System Columbus Regional Healthcare System located in Whiteville, NC, has informed the Maine Attorney General about a patient data theft due to a cybersecurity incident. Unauthorized people … Read more
Microsoft targeted by Russian Intelligence Cyberattack
In January 2024, Microsoft disclosed a significant cybersecurity breach in its network, attributed to Nobelium, a group with alleged ties to Russia’s Foreign Intelligence Service. This incident highlights the evolving challenges in digital security that … Read more
Data Breach Reports by Electrostim Medical Services, Meridian Behavioral Healthcare and Network 180
543,000 Electrostim Medical Services Patients Affected by Data Breach The medical device firm Electrostim Medical Services, Inc. in Florida, which is also called EMSI, has reported that it encountered a cyberattack in May 2023 which … Read more
Data Breaches Reported by State of Maine, Affinity Legacy, The Charles Lea Center and Detroit Chassis
State of Maine Data Breach Impacts 450,000 Records The State of Maine has reported the theft of the protected health information (PHI) of 453,894 persons in the latest mass exploitation of a zero-day vulnerability in … Read more
Data Breaches at Medical Eye Services, PeakMed, Prospect Medical Services, and 4 More Healthcare Providers
Medical Eye Services Says PHI of 370,000 Patients Stolen in MOVEit Transfer Hack Medical Eye Services, Inc. based in California recently reported the theft of the protected health information (PHI) of 346,828 persons. The PHI … Read more
Cyberattacks on Westchester Medical Center Health Network, Fellowship Village, Meadville Medical Center, and BHI Energy Health Plan
Westchester Medical Center Health Network (WMCHealth) has encountered a cyberattack that impacted its IT systems. The health network discovered the attack last week. On October 20, 2023, at 10 p.m., all connected systems were shut … Read more
Community First Medical Center Data Breach, AlphV and CommonSpirit Health Ransomware Attack
Community First Medical Center based in Chicago, IL started telling 216,047 patients about a cyberattack that allowed an unauthorized entity to obtain access to its computer system on July 12, 2023. According to the September … Read more
Cyberattacks and Data Breaches Reported by Texas Medical Liability Trust, Bloom Health Centers and Other Healthcare Organizations
60,000 People Impacted by Texas Medical Liability Trust Data Breach The Texas Medical Liability Trust (TMLT) submitted a data breach report to the Maine Attorney General representing itself and its affiliate companies, Physicians Insurance Company, … Read more
Data Breaches Reported by Cummins Behavior Health, Redwood Coast Regional Center and Other Healthcare Entities
Data of 4 Million Coloradans Exposed in MOVEit Transfer Attack The Colorado Department of Health Care Policy and Financing (HCPF), which supervises the Medicaid program of the state and the Child Health Plan Plus (CHP+) … Read more
Cyberattacks at Precision Imaging Centers, Atrium Health Wake Forest Baptist, Marshall & Melhorn, and Murfreesboro Medical Clinic & SurgiCenter
Precision Imaging Centers located in Jacksonville, FL recently informed 31,010 patients with regards to a security breach that took place on or about November 2, 2022. Unauthorized persons acquired access to its system and extracted … Read more
Latest News About Cyberattacks and Email Account Compromise on Healthcare Providers
Ohio Hospital Exposed Nurses and Other Staff to Workplace Violence The Occupational Safety and Health Administration (OSHA) has confirmed that a children’s hospital based in Columbus, Ohio didn’t sufficiently safeguard healthcare staff from violence in … Read more
The BianLian Ransomware Group and Vulnerabilities on Illumina Sequencing InstrumentsIllumina Sequencing Instruments
FBI and CISA Warn About BianLian Ransomware and Extortion Group The Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory with regard … Read more
Recent Data Breaches Reported by Santa Clara Family Health Plan and Other Healthcare Organizations
Santa Clara Family Health Plan Encountered a Clop GoAnywhere Hack On March 30, 2023, Santa Clara Family Health Plan reported a 276,993-record data breach to the HHS’ Office for Civil Rights that was a result … Read more
Arizona Veterans’ Healthcare Facility Exposed Staff to Potentially Fatal Conditions and Other Data Breaches Reported
The investigation of an Arizona Department of Veteran Affairs (VA) healthcare facility showed that workers were put at risk because they were exposed to potentially fatal hazards on steam lines. Workers were permitted to do … Read more
Roundup of Recent Data Breaches and Cyber Attacks
mscripts Cloud Storage Misconfiguration Exposed PHI for 6 Years The mobile pharmacy company, mscripts, has just reported that its misconfigured cloud storage environment resulted in the exposure of client information on the internet for the … Read more
GoAnywhere MFT Hack Impacts Up to 1 Million Community Health Systems Patients and Growing Gootloader Attacks
Community Health Systems based in Franklin, TN recently reported being affected by a security incident that happened at cybersecurity firm, Fortra. Unauthorized people acquired access to the protected health information (PHI) of around 1 million … Read more
Round-up of Cyberattacks and Data Breaches Affecting Healthcare Organizations
Multiple Vulnerabilities Discovered in OpenEMR Health Record and Practice Management Software More than 100,000 healthcare providers across the globe use the open source electronic health record and medical practice management software called OpenEMR. They use … Read more
Retreat Behavioral Health, Maternal & Family Health Services, and L. Knife & Son Reported Data Breaches
Maternal & Family Health Services based in Eastern Pennsylvania lately informed a number of patients regarding a ransomware attack on April 4, 2022 that resulted in the exposure of sensitive patient data. As soon as … Read more
Around 254,000 Medicare Beneficiaries Impacted by CMS Subcontractor Ransomware Attack
On November 14, 2022, Health Care Management Solutions (HMS) located in Fairmont, WV announced a data breach to the HHS’ Office for Civil Rights that affected approximately 500,000 people. During that time, limited information regarding … Read more
119 Pediatric Practices Impacted by EHR Vendor Breach
Connexin Software Inc., an electronic medical records and practice management software provider to pediatric doctor practice groups has lately reported that it encountered a cyberattack wherein an unauthorized third party acquired access to its internal … Read more
2021 Data Breaches Reported by U.S. Vision Subsidiary and Florida Addiction Treatment Center
USV Optical, a branch of U.S. Vision, has lately reported the exposure of patient records at a number of entities inside its network. It detected suspicious activity inside its system on May 12, 2021. Forensic … Read more
Data Breach Affects At Least 13 Anesthesia Providers
A big data breach has happened at the management firm of several anesthesia services providers. Based on a media breach notice released by Anesthesia Associates of El Paso, one of the impacted providers, the data … Read more
Data Breaches at Choice Health, Tessie Cleveland Community Services Corp and Easterseals-Goodwill Northern Rocky Mountain
Humana lately reported the potential compromise of the protected health information (PHI) of 22,767 persons in a security incident at Choice Health. This business associate is Humana’s vendor of its Medicare products. On May 18, … Read more