Ctrl+Alt+Disaster: How Oracle techies ‘wrong click’ brought 45 out of 72 CHS hospitals to their knees for 5 days
The Economic Times reports: A software malfunction triggered by Oracle engineers led to a five-day outage at multiple Community Health Systems (CHS) hospitals last week, forcing several facilities to switch to paper records after losing access to their digital systems. The disruption began on 23 April during scheduled maintenance, when Oracle personnel mistakenly deleted storage […]
VeriSource now says February data breach impacts 4 million people
Bleeping Computer reports: Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people. VeriSource is a Texas-based employee benefits administration and HR outsourcing solutions provider with diverse clients across the U.S. The firm has begun data breach notifications to impacted individuals about a cybersecurity incident […]
Breaches Within Breaches: Contractual Obligations After a Security Incident
It is important to review any contract with a vendor or business associate in terms of who will be responsible for notifying affected customers or patients of any breach. A post by Robinson + Cole discusses a lawsuit stemming from a dispute over the responsibility of a business associate following a breach. According to the […]
100,000 Americans Exposed As Hertz Warns Customers’ Names, Contact Details, Credit Card Information, Social Security Numbers Leaked in Vendor’s Data Breach
The Daily Hodl reports: A car rental giant says sensitive customer data has been exposed in a cybersecurity incident involving one of its vendors. In a notice posted on its website, Hertz says that its vendor, Cleo Communications US, witnessed a zero-day vulnerability exploit late last year that enabled thieves to siphon customer data. Notifications on various […]
Alert: Cisco Warns of Webex Vulnerability That Lets Hackers Exploit Meeting Links
Reported by UC Today.
British company Advanced fined £3m by privacy regulator over ransomware attack
The Record reports: Advanced, a business that provides IT services to numerous healthcare providers in the United Kingdom, has been fined £3.1 million (about $4 million) by the country’s privacy regulator over a ransomware attack in 2022. The company had initially faced a fine of £6 million before coming to a voluntary settlement with the Information Commissioner’s […]
Over 50 U.S. school districts impacted in retirement service provider breach
In December 2024, EdTech vendor PowerSchool was hit with a major attack that reportedly affected more than 60 million students and employees throughout the country. But that wasn’t the only major attack affecting an education sector vendor in December. Teiss reports that a retirement services vendor was also the victim of an attack: About 50 […]
TRICARE Contractor Resolves $11M False Claims Act Liability for Known Cybersecurity Violations
Tycko & Zavareei Whistleblower Practice Group writes: February 2025 saw an important False Claims Act settlement involving allegations of known cybersecurity failures by Health Net Federal Services Inc. (HNFS), a government contractor that provides TRICARE healthcare management services to active duty military members and their families. HNFS as well as its parent corporation Centene agreed […]
Deloitte providing $5M to cover expenses related to RI data breach — and that’s just part of what they’ll pay
There is another update to Rhode Island’s incident response to a cyberattack last year that involved their vendor, Deloitte. Data from the state’s portal called RIBridges was acquired and leaked by threat actors when their ransom demands were not paid. Now WPRI reports: An outside consulting group will provide Rhode Island with millions in funding […]
