Oswego County Opportunities (OCO) in New York has announced that a limited number of employee email accounts were recently accessed by an unknown actor. The security breach was identified when suspicious email activity was detected and the email accounts were immediately secured. Third-party cybersecurity experts were engaged to investigate the breach to determine the nature… Read More »
For the past 15 years, Verizon has been publishing annual Data Breach Investigation Reports (DBIR), with this year’s report confirming just how bad the past 12 months have been. Verizon described the past 12 months as representing an unprecedented year in cybersecurity history. “From very well-publicized critical infrastructure attacks to massive supply chain breaches, the… Read More »
Social Action Community Health System (SAC Health) has recently notified 149,940 patients that documents containing their protected health information were stolen in a break-in at an off-site storage location where patient records were stored. The break-in was discovered on March 4, 2022, with the subsequent investigation confirming on April 22, 2022, that six boxes of… Read More »
In March 2022, Partnership HealthPlan of California (PHC) announced that third-party forensic specialists had been engaged to help restore the functionality of its IT systems following a cyberattack. PHC has now confirmed in a breach notification to the Maine Attorney General that the protected health information of 854,913 current and former health plan members has… Read More »
The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a threat brief providing information on the cyber organizations of the Russian Intelligence Services which pose a threat to organizations in the United States, including the healthcare and public health (HPH) sector. The threat brief provides information on four… Read More »
After four successive months of declining numbers of data breaches, there was a 30.2% increase in reported data breaches. In April 2022, 56 data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights (OCR). While the number of reported breaches increased month-over-month, the number… Read More »
An emergency directive has been issued by the Cybersecurity and Infrastructure Security Agency (CISA) to all federal agencies, requiring them to take steps to address two vulnerabilities in certain VMware products that are likely to be rapidly exploited in the wild, and two previous vulnerabilities in VMWare products that were disclosed in April which are… Read More »
A $9.76 million settlement proposed by Solara Medical Supplies to resolve a class action lawsuit related to a 2019 data breach has received preliminary approval from the court. Solara Medical Supplies, which provides products and services to help people manage their diabetes, was the victim of a phishing attack that saw employees’ Microsoft Office 365… Read More »
Cleveland, OH-based Parker-Hannifin Corporation, a manufacturer of motion and control technologies, has recently announced that unauthorized individuals have gained access to some of its IT systems and may have acquired files containing the sensitive information of current and former employees, their dependents, and other individuals affiliated with the company. Suspicious activity was detected within its… Read More »
On July 1, 2022, updated data breach notification laws (HB 1351) will take effect in Indiana that require notifications to be issued within 45 days of the discovery of a breach of the personally identifiable information (PII) of Indiana residents. Currently, the data breach notification requirements are for notifications to be issued without unreasonable delay.… Read More »