LATEST POST
Kaiser Permanente discloses breach that may have impacted 13.4 million patients
Healthcare giant Kaiser Permanente has joined the ranks of those who have disclosed that their websites may have improperly shared protected health information with others. The issue with tracking pixels was first highlighted in investigative reporting by The Markup last year. They have continued to report on the issues, including fines paid, litigation, and Federal […]
UnitedHealth says ‘substantial proportion of people in America’ affected by Change Healthcare ransomware attack
Hackers exploited remote access that had no multifactor authentication UHG states it paid ransom to protect patient data UnitedHealth Group (UHG) issued a statement yesterday, claiming they were announcing support for people who might be concerned about their personal data being affected by the massive Change Healthcare data breach. Their statement says, in part: Based […]
Congress starts investigating the Change Healthcare cyberattack; Threat actors claim to put data up for sale
The House Energy & Commerce Health Subcommittee held a hearing yesterday, “Examining Health Sector Cybersecurity in the Wake of the Change Healthcare Attack.” It reportedly did not go well for Change Healthcare and UnitedHealth Group, who were not invited to testify and who did not send any representatives to the hearing. The committee was previously […]
Crickets from Chirp Systems in Smart Lock Key Leak
Brian Krebs reports that the U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. “The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021,: Krebs reports. “Meanwhile, […]
MGM Resorts Sues the Federal Trade Commission to Limit Investigation into 2023 Data Breach
Although the Federal Trade Commission (FTC) has the authority to investigate data breaches, some entities they have investigated have pushed back against the regulator. In 2013, FTC filed a complaint against LabMD for allegedly failing to protect consumer’s data. When the government found for itself in a proceeding by an administrative law judge, LabMD sued […]
Threat actors claim they stole info on more than 3.5M Omni Hotels & Resorts guests
Less than two weeks after Omni Hotels & Resorts admitted that they had been the victim of a cyberattack, a known ransomware gang has publicly claimed that they were responsible for the attack. A post on Daixin Team’s dark web leak site claimed they had “Sensitive data. (Including all records of all visitors from 2017 […]
Sisense breach and Palo Alto Networks vulnerability made for a busy week for CISOs
Sisense Security Week reports: The US government cybersecurity agency CISA on Thursday issued a red-alert for what appears to be a massive supply chain breach at Sisense, a New York company that sells big-data analytics tools to businesses. In a cryptic note, CISA warned of a recent “compromise of Sisense customer data” that was discovered […]
Small practices vulnerable after Change Healthcare cyberattack; some considering bankruptcy
While Change Healthcare UnitedHealth Group claims it continues to make progress in mitigating the impact to consumers and care providers of a massive cyberattack in February on its system and services, Radiology Business provides a grimmer picture of the impact and recent situation: The incident first occurred in February, shutting down the nation’s largest clearinghouse […]