LATEST POST
CarePointe ENT Settles HIPAA Lawsuit with Indiana Attorney General
The HIPAA Journal reports: In late September 2023, Indiana Attorney General Todd Rokita filed a lawsuit against CarePointe ENT over a ransomware attack and data breach that affected 48,742 individuals. A settlement has been reached that will see CarePointe pay $125,000 to resolve alleged violations of the Health Insurance Portability and Accountability (HIPAA) Act and […]
Russian hackers accused of targeting U.S. intelligence community with spear phishing campaign
CBS reports: Russia-based hackers conducted a sophisticated cyber campaign against American intelligence officials, including contractors at the State and Defense Departments, as part of an international operation that included NATO members and Ukraine, the Justice Department alleged Thursday. Prosecutors accused an officer in Russia’s Federal Security Service (FSB) and another co-defendant of carrying out a […]
Nine Prime Healthcare hospitals affected by MOVEit breach
CBIZ KA is a third-party vendor for Prime Healthcare that was affected by the MOVEit breach. They have issued the following notice: CBIZ KA, a third-party vendor for Prime Healthcare (Prime), discovered a security incident involving CBIZ’s use of MOVEit Transfer software, which has recently reported a security vulnerability. Prime takes the responsibility of safeguarding […]
Millions of patient scans and health records spilling online thanks to decades-old protocol bug
TechCrunch reports: housands of exposed servers are spilling the medical records and personal health information of millions of patients due to security weaknesses in a decades-old industry standard designed for storing and sharing medical images, researchers have warned. This standard, known as Digital Imaging and Communications in Medicine, or DICOM for short, is the internationally recognized […]
Fresenius discloses breach affecting more than 500,000 patients and employees
On December 6, Fresenius Medical Care AG filed Form 6-K with the Securities and Exchange Commission. The filing disclosed a data breach: On September 29, 2023, Cardiovascular Consultants, Ltd. (CVC), a subsidiary of Fresenius Medical Care AG (the Company) located in the United States (U.S.), became aware that some of its computer systems in the U.S. were […]
CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion
From CISA, December 5: Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in […]
Britain says no evidence of Sellafield nuclear site hacking
Reuters reports: Britain has no records or evidence to suggest that networks at the Sellafield nuclear site were the victim of a successful cyber attack by state actors, the government said on Monday following a report by the Guardian newspaper. The Guardian reported that Sellafield, which carries out nuclear fuel reprocessing, nuclear waste storage and […]
Russian state-sponsored hackers exploiting Outlook vulnerability, Microsoft warns
Cybernews reports: Microsoft is urging Outlook users to patch and update their systems to mitigate a new threat from Russia. Hackers associated with the Kremlin’s military intelligence agency GRU are exploiting the vulnerability to access victim’s emails. Microsoft warned that a nation-state actor tracked as Forest Blizzard is actively exploiting a vulnerability to provide secret, […]