We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting more ransomware attacks, a $5 billion class action lawsuit, lots of healthcare breaches, more lawsuits, and Ecuador pushing to pass data privacy legislation after a massive data breach. Don’t miss the items in ORANGE below.

THE RANSOMWARE CORNER
Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks

Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, says a new study. Click to read entire article.

MegaCortex ransomware variant threatens data breach, alters credentials

A newly discovered variant of MegaCortex ransomware goes well beyond just encrypting victims’ files — it also changes their Windows passwords and threatens to publish their stolen data if they fail to pay. Click to read entire article.

Major ASP.NET hosting provider infected by ransomware

SmarterASP.NET, a company with more than 440,000 customers, said it’s been hit by ransomware over the weekend. Click to read entire article.

AUTOMOTIVE
Court certifies $5 billion class-action lawsuit against Nissan over 2017 breach

The Ontario Superior Court of Justice has certified a class-action lawsuit related to the 2017 Nissan privacy data breach to proceed. In 2017, Nissan Canada said it was the victim of a data breach that exposed the personal financial information of about 1.13 million customers.Click to read entire article.

RETAIL
—LAWSUIT ALERT—
Illinois resident affected by CafePress data breach files suit

Michael Fus, individually and on behalf of all others, filed a lawsuit against CafePress Inc. in the U.S. District Court for the Northern District of Illinois on Oct. 4 alleging negligence and violation of the Illinois Personal Information Protection Act, Illinois Consumer Fraud Act and the Illinois Uniform Deceptive Trade Practices Act. Click to read entire article.

HOSPITALITY
Marriott Warns Of A Security Breach Exposing Social Security Numbers Of Associates

Marriott International Inc. has recently warned of a security breach affecting some associates. Precisely, the incident exposed the Social Security Numbers of the associates to an unknown attacker. Click to read entire article.

TRANSPORTATION
—LAWSUIT ALERT—
DoorDash sued over data breach that may have exposed info of its 4.9 million users

A DoorDash user in New York alleges the company breached its duty of care by failing to safeguard the information of its users and drivers. The suit states DoorDash experienced a data breach in May of this year, causing private information of its at least 4.9 million users to be at risk of getting into the wrong hands. Nelson alleges that 100,000 drivers for the defendant had driver’s license details hacked as well. Click to read entire article.

PUBLIC ENTITY
Purcellville Town Council holds emergency session regarding data breach

Purcellville Town Council held an emergency session Saturday afternoon to discuss letters that were recently received by about 1,800 people informing them of a data security breach in the Town of Purcellville. Click to read entire article.

CYBER BREACH LAW UPDATE
The CCPA Is Coming and So Are Data Breach Class Actions

Companies that do business in California can expect to see class action litigation if they become the victim of a data breach, but showing a good cybersecurity posture and implementing arbitration agreements may be the best defense. Click to read entire article.

HEALTHCARE
—SETTLEMENT ALERT—
Data Breach Costs Texas Health Agency $1.6 Million

The federal government has slapped the Texas Health and Human Services Commission with a $1.6 million fine for a data breach that made the personal health information of 6,617 people available online. Click to read entire article.

Florida Blue alerts members of data breach

Florida Blue announced Nov. 8 that it is notifying less than 1 percent of its members that their information my have been exposed in a data breach at a third-party vendor, according to The St. Augustine Record. Magellan Health informed Florida Blue that the personal information of some of its members may have been affected after a May phishing attack. An employee at Magellan had fallen victim to a phishing attack. Click to read entire article.

Mount Dora medical company reports minor data breach

A Mount Dora medical company caught an employee trying to sell patient information earlier this year, according to a statement sent Friday. Click to read entire article.

Data Breach Confirmed by Veritas Genetics

Veritas Genetics, a DNA testing startup, has stated a knowledge breach resulted in unauthorized entry of some buyer data. The Danvers, Mass.-based mostly firm stated its customer-facing portal had “not too long ago” been breached however didn’t say when. Click to read entire article.

Salem Health Hospitals and Clinics Victim of Data Breach

According to Salem Health, they learned on August 1,2019 that an unauthorized individual had gained access to some employee email accounts on July 31. To date, says Salem Health, they do not know if the bad actor viewed any emails and attachments in the accounts that would identify patients whose information is contained in the accounts. Click to read entire article.

Arizona dental insurance company warns customers of potential data breach

On July 8, Delta Dental management became aware of of suspicious activity related to an employee’s email account, according to a Delta Dental statement released Nov. 8. An investigation found an employee fell victim to an email phishing scheme that allowed an unauthorized user to gain access to the email account on July 8.. Click to read entire article.

Hacker may have private information on nearly 44,000 TennCare members after Magellan data breach

The private information of nearly 44,000 TennCare members may have been stolen by a hacker who breached the email system of the agency’s pharmacy management vendor, officials announced on Friday. Click to read entire article.

Maine provider alerts 30,000 patients of data breach

In a statement on the company’s website, InterMed said it discovered in September that an unauthorized third party had gained access to four employee email accounts. Upon investigation, InterMed could not determine what messages or attachments were viewed. Patient data that may have been exposed included names, dates of birth, health insurance information and clinical information. A limited number of Social Security numbers may have also been exposed. Click to read entire article.

Data Breaches Will Cost Healthcare $4B in 2019, Threats Outpace Tech

Black Book Research finds nearly all health IT professionals say threat actors are outpacing security tech and processes; those data breaches will cost the sector $4B by the end of the year. Click to read entire article.

CANADA
—4.2 MILLION MEMBERS IMPACTED—
Officials reassess size of Canadian credit union data breach

Canada’s largest financial cooperative now says a June data breach was more than 50% larger than first believed. Click to read entire article.

Over the last year, 28 million Canadians impacted by data breaches: privacy commissioner

In the last 12 months, the personal information of approximately 28 million Canadians was affected by corporate hacks or mismanagement, according to the Office of the Privacy Commissioner of Canada (OPC). Click to read entire article.

LATIN AMERICA
Ecuador Rushes to Pass Data Privacy Law After Massive Data Breach

Ecuador is pushing to pass a privacy law after the massive data breach that affected more than 20 million individuals. Click to read entire article.

UK/EUROPE
Italian Bank UniCredit Suffers New Data Breach Impacting 3 Million Customerss

…The banking giant says that a single file dating back to 2015 has been compromised, thereby revealing some personally identifiable information (PII) of nearly 3 million customers. Click to read entire article.

ASIA/PACIFIC
City network system almost fully restored after cyber attack

The City of Johannesburg suffered a computer network system breach two weeks ago. Customers could not access online services such as the City’s website and e-services, and the billing centre and call centre were compromised. Click to read entire article.