Dissent Doe :cupofcoffee: · @PogoWasRight
1323 followers · 155 posts · Server infosec.exchange

@brett mentioned that added Homewood Health in Canada to their leak site. It's probably due to the Fortra/GoAnywhere incident. But Clop also added a bunch of U.S. healthcare entities to their site, and I suspect they are also all part of the incident:

Alivia Health
Medminder
US Wellness
Allied Benefit
MedExhco
WellBe
Ace Nursing

There has been no data leaked for any of the above yet, and no confirmation that I am aware of from any of these victims that it was GoAnywhere, but time will tell...

@BleepingComputer @lawrenceabrams

#clop #goanywhere #databreach #dataprotection #healthsec #infosec #cybersecurity #hipaa

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1321 followers · 156 posts · Server infosec.exchange

No need to hack when it’s leaking, DC Health Link edition.

BreachForums user "Denfur" tells me the DC Health Link data wasn't hacked and was found by Google dorking.

databreaches.net/no-need-to-ha

@lawrenceabrams @aj_vicens @zackwhittaker @briankrebs @allan

#databreach #dataprotection #healthsec #infosec #cybersecurity #dataleak #congress #fbi

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1312 followers · 147 posts · Server infosec.exchange
Dissent Doe :cupofcoffee: · @PogoWasRight
1312 followers · 138 posts · Server infosec.exchange

@lawrenceabrams @BleepingComputer

. I had just sent inquiries to Aliva Health and Medminder this afternoon asking them if they would confirm or deny that they were victims of the Fortra/GoAnywhere attack. So far, there's nothing on their sites or on HHS's public breach tool, but I suspect it's only a matter of time until we see them added there.

#gmta #hipaa #hitech #databreach #healthsec #businessassociate #vendor #clop #ransomware #dataprotection

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1312 followers · 135 posts · Server infosec.exchange

ZOLL Medical is notifying 1,004,443 patients whose protected health information (PHI) may have been compromised in a recent data security incident that didn’t involve pixels or trackers.

That said, some details about this one are not yet clear, and I am trying to get clarification from ZOLL.

Read what we know so far at databreaches.net/zoll-medical-

@brett @allan @jgreig @BleepingComputer @vxunderground

#databreach #healthsec #cybersecurity #phi #hipaa #dataprotection #infosec

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1308 followers · 142 posts · Server infosec.exchange

And to prove to myself once again that I should probably NOT read the news on the weekend:

hit another hospital. This one is The Grupo Hospitalar Vida in Brazil. It appears to have a maternity hospital associated with it. Their site is timing out.

I have left LockBitSupp a less-than-professional message on Tox.

#lockbit #ransomware #databreach #healthsec #infosec #cybersecurity

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1306 followers · 138 posts · Server infosec.exchange

Two more medical sector attacks were disclosed yesterday (at least two -- I may find more, of course).

The second is Florida Medical Center in Florida which disclosed a ransomware attack, but then made some statements that raised questions for me. You can read about their statements and my questions at:

databreaches.net/another-ranso

@brett @douglevin @allan @BleepingComputer

#databreach #hipaa #ransomware #incidentresponse #dataprotection #healthsec #infosec #cybersecurity

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1306 followers · 137 posts · Server infosec.exchange

Two more medical sector attacks were disclosed yesterday (at least two -- I may find more, of course).

The first is Bone & Joint Clinic in Wisconsin, which reported that a "network disruption" caused a HIPAA breach of employee and patient information.

databreaches.net/bone-joint-cl

@brett @douglevin @aj_vicens @BleepingComputer

#databreach #hipaa #networkdisruption #obfuscation #transparency #incidentresponse #dataprotection #healthsec #infosec #cybersecurity

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1303 followers · 141 posts · Server infosec.exchange

Capitol Hill data breach more ‘extensive’ than previously known:

cnn.com/2023/03/09/politics/ca

Note that a second listing appeared yesterday on the same forum offering what is allegedly the same data for tokens and not private sale this time. A free sample with 200 listings was also provided.

One member of Congress interviewed by CNN echoed what DataBreaches has heard from some people we spoke to: after the OPM breach, this just doesn't seem very worrying to some people.

#databreach #congress #dchealthlinks #cybersecurity #infosec #hipaa #healthsec

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1304 followers · 148 posts · Server infosec.exchange
Dissent Doe :cupofcoffee: · @PogoWasRight
1304 followers · 147 posts · Server infosec.exchange

A third-party breach that impacted Northwest Mothers Milk Bank in Oregon has also affected Rogers Hixon Ontario Human Milk Bank in Canada. The breach was in December at Timeless Medical Systems.

Timeless informed milk bank clients that "some files were acquired from the TMS network by an unknown third party, after which TMS took steps to mitigate the potential impact of the incident, recovered the files, and informed affected parties."

The data involved included a lot of data protected under HIPAA in the U.S. and PHIPA in Canada:

"milk donor applicant and infant names, date of birth, address, phone number, milk donor application contents (including self-reported information, medical health validation, blood screening results and/or required health and lifestyle updates), health care provider name, and lab generated patient ID, to the extent you or a family member provided the foregoing information in
dealing with NWMMB as a donor"

Timeless does not explain how they recovered the files. They do not mention ransomware, and they do not indicate whether any ransom was either demanded or paid.

Notification from Northwest Mothers Milk Bank: agportal-s3bucket.s3.amazonaws

Media coverage of Rogers Hixon Ontario Human Milk Bank: cbc.ca/news/canada/toronto/hum

#databreach #dataprotection #businessassociate #infosec #cybersecurity #incidentresponse #healthsec

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1300 followers · 121 posts · Server infosec.exchange
Dissent Doe :cupofcoffee: · @PogoWasRight
1300 followers · 120 posts · Server infosec.exchange
Dissent Doe :cupofcoffee: · @PogoWasRight
1288 followers · 108 posts · Server infosec.exchange
Dissent Doe :cupofcoffee: · @PogoWasRight
1288 followers · 108 posts · Server infosec.exchange

Sentara Health notifying 741 patients after mistake by Coronis Health employee: databreaches.net/sentara-healt

Good example of the value of having a compliance hotline or data security reporting number displayed on your website.

#databreach #dataprotection #infosec #responsibledisclosure #healthsec #businessassociate

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1274 followers · 138 posts · Server infosec.exchange

Reventics, a business associate, notified HHS of an incident that affected 250,918 patients. They also posted a brief notice on their website.

And no, they do NOT reveal that this was a attack.

And no, they do NOT reveal that some data has already been leaked.

databreaches.net/reventics-not

#ransomware #databreach #healthsec #incidentresponse #transparency #hipaa #hitech #infosec #cybersecurity

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1274 followers · 133 posts · Server infosec.exchange

Hutchinson Clinic in Kansas issues alert concerning December data breach, but has not yet notified patients nor HHS.

Doesn't sound like a ransomware incident from the wording of their notice, but hey...

databreaches.net/ks-hutchinson

h/t,

#databreach #hack #incidentresponse #notification #healthsec #infosec #cybersecurity #kwch

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1262 followers · 117 posts · Server infosec.exchange

BianLian doesn't seem to get a lot of media coverage, but they've hit a number of entities in the healthcare sector already, including one hospital.

BianLian recently posted samples from some unnamed victims on Breached -- but it was easy to determine the victims from the samples: Northeast Surgical Group, Zerbe Retirement Community, and Arizona Reproductive Medicine Specialists. None of the three have any notice on their websites at this time.

Today, BianLian dumped data from Northeast Surgical Group on their leak site. They also dumped data from Suburban Laboratories in Illinois.

There is nothing on Suburban's website about any incident, and none of these victims have yet to appear on HHS's public breach tool.

Perhaps HHS should provide a threat brief or analyst note on BianLian, including the availability of any free decryptor.

#bianlian #databreach #ransomware #infosec #healthsec #cybersecurity

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1260 followers · 116 posts · Server infosec.exchange

Another business associate was hit by ransomware in December. Reventics has submitted a notification to the Montana AG's office that 1,027 Montana residents were impacted. We have no info as yet as to how many patients nationwide, total, may have been impacted, or who the ransomware group was.

In other healthcare sector breach news, NewBridge Services in NJ appears to have been hit by LockBit3.0. They were added to LockBit's leak site today with some proof.

And because it's Friday, I expect we'll see yet more disclosures....

#databreach #ransomware #healthsec #infosec #cybersecurity

Last updated 2 years ago

Dissent Doe :cupofcoffee: · @PogoWasRight
1255 followers · 154 posts · Server infosec.exchange

"The personal information of millions of MySejahtera users has been exposed after an account authorised for vaccine administration stole data from three million vaccine recipients, revealed a national audit."

codeblue.galencentre.org/2023/

Do they know the identity of the "SuperAdmin" they had authorized?

#infosec #COVID #healthsec #databreach #dataprotection

Last updated 2 years ago