Tag Archive for: ‘Eye

Additional 15K added to Eye Care Leaders’ already record-setting breach tally

/in


An Air Force ophthalmologist performs surgery on a patient on Sept. 1, 2022. (Army)

Another 15,000 patients have been added to the breach tally of the Eye Care Leaders ransomware attack from nearly one year ago.

Massengale Eye Care issued a breach notice to patients in late October, informing them that their data was also compromised during what remains the largest incident reported in healthcare this year at nearly 3.7 million impacted patients.

While mainstream media outlets have recently warned that the CommonSpirit Health cyberattack could impact 20 million patients, the massive health system’s financial report from this week again stated that they are still investigating and have not found evidence of patient data impacts. As such, ECL still holds the dubious top position.

As reported, ECL’s EMR was hit with a ransomware attack on Dec. 4, after a threat actor accessed the platform and deleted databases and system configuration files. Without the data, it was not possible to identify whether the data was accessed or exfiltrated before it was deleted.

The compromised data varied by provider and patient, and for Massengale the data could include names, contact information, dates of birth, Social Security numbers, diagnostic details, and health insurance information.

ECL has not issued its own breach notice with the Department of Health and Human Services, as it defends itself against a provider-led lawsuit accusing the cloud EMR vendor of concealing additional ransomware incidents deployed earlier this year.

A number of providers affected by those alleged incidents spoke exclusively with SC Media, detailing their frustration over the stonewalling. The lawsuit status was last updated in October, with at least 13 filings to extend the time to respond to the claims and two more filings requesting the case be dismissed. In these filings, ECL has repeatedly denied these claims.

CorrectCare security incident swells to 607K impacted individuals

Two more healthcare entities have filed breach notices with HHS, after their medical claims processing vendor CorrectCare informed them that their patient information was exposed due to two misconfigured file databases in July.

CorrectCare Integrated…

Source…

Some Republicans in Washington state cast a wary eye on an election security device

/in


In northeast Washington state, a remote region nestled against the Canadian border, the politics lean conservative and wariness of government runs high.

Earlier this year, a Republican-led county commission there made a decision that rippled across Washington — triggering alarm at the secretary of state’s office, and now among cybersecurity experts who have worked for the past six years to shore up the security of America’s voting systems.

It happened on Valentine’s Day during the regular weekly meeting of the three-member commission in Ferry County, where Donald Trump received more than 63% of the vote in the 2020 election.

After an agenda that included an update on the county fair and a discussion about a local water and sewer district, the commissioners took up a proposal to disconnect a recently installed cybersecurity device from the county’s computer network.

The device, known as an Albert sensor, was designed to alert local governments to potential hacking attempts against their networks. More than 900 Albert sensors have been deployed across the country, primarily to states and counties, and they have been a key component of the federal government’s cybersecurity response following Russian election interference around the 2016 election.

But the commissioners in Ferry County had come to the conclusion that the sensor, which had been provided by the state at no cost, was more of a liability than an asset.

“Let’s get rid of it,” Commissioner Nathan Davis said before making his motion to remove the device.

The vote in support of the motion was unanimous.

“Bye bye, Albert sensor,” one of the commissioners quipped.

Another county in Washington state also disconnected its sensor, and a third decided not to install one. It’s an isolated trend in Washington at this point, but one that represents a stark example of how Republican mistrust in elections and government systems more broadly threatens to dismantle bipartisan progress made over the past decade to improve election security.

During the Ferry County meeting, Commissioner Davis quoted from a memo that circulated among Washington state Republicans. That memo,…

Source…

Police database breach a ‘big black eye’ for Chinese security systems

/in


Shanghai [China], July 9 (ANI): There is rising outrage amongst Chinese citizens with the surfacing of numerous incidents of personal data breaches parked on Chinese security systems, with the latest being a breach on Shanghai police database.

As per New York Times, the Shanghai police database with a vast trove of personal data that was seized by a hacker was left unsecured for months, security researchers said and turned out to be the largest known breach of Chinese government computer systems.

The leak came to light after an anonymous user posted in an online forum offering to sell personal information of as many as one billion Chinese citizens, exposing the privacy risks of the Chinese government’s vast surveillance.

The communist party collect a huge amount of data on citizens by tracking their movements and recording their DNA and other biological markers, New York Times reported, adding that it has been subjected to severe leaks due to parking it on unprotected servers.

Claiming to have information on 90 million citizens, another anonymous user posted on social media offering to sell a separate police database from the central Chinese province of Henan.

Over recent years, Chinese citizens have expressed growing demands for personal privacy and data protection from companies as the online security breaches fueled public resistance to the collection of private data by the government.

However, the news about the leak was swiftly censored and removed from the Chinese internet and social media platforms, a sign that the government understood the explosive nature of the apparent breach.

As of Thursday, Hashtags such as “Shanghai data leak,” “data leak of one billion citizens” and “data leak” remained blocked on Sina Weibo, a popular Chinese microblogging service as of Thursday, The New York Times reported, citing local media sources.

“It’s left a big black eye for the Chinese public security world, and by extension the Chinese government,” said Paul Triolo, senior vice president for China at Albright Stonebridge Group, a strategy firm. on China’s policies on surveillance of its masses.

“It’s not surprising they’ve gone into full censorship mode given how sensitive this issue is for the…

Source…

Eye! They send fake WhatsApp emails that are a scam

/in


whatsapp dark
whatsapp dark
Share on FacebookShare on LinkedInShare on PinterestShare to EmailShare on TelegramShare on WhatsApp

If you have received in the last hours an email sent by WhatsApp… distrust. In the first place, do it because at no time the instant messaging application would contact you by email, and secondly, do it because it is a scam that could nothing less than “hack” your mobile.

Be wary if a company like WhatsApp tries to contact you by email

Despite these two assumptions, there are many users who, in the last hours, are being victims of this deception. This is assured by the Internet Security Office, which has warned of the diffusion that this new attempt at scam with WhatsApp as a hook is getting.

Apparently, the hackers on this occasion are trying to deceive users using a different means than usual: email. The person who is a victim of this deception receives an email with the following title: «Backup of WhatsApp messages * 913071605 Nº (xxxx)«. It may also include its own phone number, which makes more than one user trust that it is a legitimate email.

However, it is not such. In fact, the phone number in relation to the email could have been obtained in some internet data breach. This, however, is not known by some users, who “bite” on the hook and pay attention to the email, considering that it was indeed sent by WhatsApp.

But it is a fake email. Despite the fact that the user is indicated that he will be able to see the conversations stored by that number when clicking on the link, this is a fraudulent link. It actually leads to a download website that asks for permission to download an attachment.

In it, obviously, there is a Trojan virus that what it does is “hack” the mobile phone, giving cybercriminals access to all the information and data that are stored on the device.

To prevent hackers from being able to access our mobile phone, in this case it would be enough to ignore the email received. In addition, as they recall from the Internet Security Office, these emails provide indications that would have to make anyone doubt their veracity: for example, they include words in other languages ​​or with grammatical and…

Source…