We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hackers encrypt New York orthopedic practice’s IT systems, AmeriFirst Financial Inc. Warns Customers of December Data Breach, City of Chicago Emails Stolen During Data Transfer To Law Firm, and more.
Ransomware
‘Jugular’ of the U.S. fuel pipeline system shuts down after cyberattack
The infiltration of a major fuel pipeline is “the most significant, successful attack on energy infrastructure we know of.”
What We Know About Scripps Health Cyberattack
One of San Diego’s main health care systems, Scripps Health, had its technology servers hacked on May 1
Reported ransomware attack leads to weeks of Aprima EHR outages
Some customers describe being unable to access their clinic schedules, chart notes, refill requests or incoming test results, among other issues
Hackers encrypt New York orthopedic practice’s IT systems, remove patient files
Some customers describe being unable to access their clinic schedules, chart notes, refill requests or incoming test results, among other issues
Research
51% of Organizations Have Experienced a Data Breach Caused by a Third-party, New Report Finds
SecureLink and Ponemon Institute research finds remote access is becoming an organization’s weakest attack surface
Financial Services
AmeriFirst Financial Inc. Warns Customers of December Data Breach
The personal loan information of certain #AmeriFirst Financial, Inc.*, customers has been compromised, according to the bank’s “data security incident” notification. AmeriFirst said it discovered the breach on April 12, 2021, which infiltrated the bank’s data storage from Dec. 2 to Dec. 10, 2020.
Mobile Apps
Millions of users’ data at risk after parking app security breach
ALEXANDRIA, Va.— A recent cyber breach may have put some basic personal information at risk for those who use the ParkMobile app. Earlier this spring, the popular wireless parking company announced a “third-party software” vulnerability led to the breach.
Public Entities
Cybercriminals potentially accessed data of 10,000 people in Brevard School Board breach
Cyber criminals could have accessed the identifying information of about 10,000 people last year through the email accounts of 12 Brevard County School Board employees, a school district spokesperson said Friday.
City of Chicago Emails Stolen During Data Transfer To Law Firm
While transferring files to the Jones Daily law firm, email messages sent or received by four former city employees over the past two years were hacked. The city’s physical computers and network system were not compromised, officials said.
Healthcare
Lawsuit Filed Over Contact Tracing Data Breach
A federal lawsuit has been filed against Pennsylvania and a vendor contracted by the state’s Department of Health (DOH) over a data breach that exposed the personal health information (PHI) of thousands of Pennsylvanians. The DOH hired Atlanta-based company Insight Global in 2020 “to provide contact tracing and other similar services” following the outbreak of COVID-19. The Department later said that employees of the company caused a data breach by creating “unauthorized documents outside of the secure data systems created by the Commonwealth.”
Lawsuit alleges Google left millions of users’ contact tracing data public
A lawsuit seeking class-action status alleges that Google’s COVID-19 contact tracing tool exposed system logs of millions of users’ protected health information to potentially hundreds of third parties. The lawsuit, which was filed April 27, said Google co-created the Google-Apple exposure notification system to assist local and state agencies in deploying apps for mobile devices to conduct COVID-19 contact tracing.
UF Health records breach affects more than 1,500
An email announcement said a former employee accessed medical records “outside the scope of their duties” but did not specify who the worker was or what role he or she filled. Associate Director of UF Health Communications, Megan Kimmel MacPherson, said employment information was confidential.
(CaptureRX-related) Brownsville health center experiences data breach, patient data accessed
According to a release, the Brownsville Community Health Center (BCHC) was informed by CaptureRx, a former subcontractor with the center, that a data incident occurred on April 7. The incident led to 4,256 patients served by BCHC having their information accessed without authorization.
(CaptureRX-related) A breach of patient information included limited data on 17,655 patients of Faxton St. Luke’s Healthcare
UTICA, N.Y. – Faxton St. Luke’s Healthcare (FSLH), an affiliate of the Mohawk Valley Health System (MVHS), was notified on March 30, 2021, that Capture RX, a third party business associate, experienced a data breach on Feb. 6, 2021.
Tri-Cities Pharmacies offer free credit monitoring services after email breach
TRI-CITIES, WA – RX Pharmacy, LTC and RX Pharmacies says their email has been hacked after detecting suspicious activity and protected health information and/or personal information has potentially been compromised.
Trade Secrets
CultureMap Houston Files $17 Million Trade Secret Suit Against PaperCity
PaperCity is accused of profiting from trade secrets that were allegedly stolen from CultureMap.
Cyber Insurance
What physicians need to know about cyber liability insurance
As the threat of being hacked increases, more health care providers are purchasing cyber liability insurance to protect against data breaches or online attacks.
Legal Rulings
Alert: Second Circuit Rules Individuals Have Standing to Sue for ‘Increased Risk’ of Identity Theft
The United States Court of Appeals for the Second Circuit held that where personal information is disclosed without authorization, impacted individuals may have standing to sue if they can show an “increased risk” of identity theft or fraud, even if this hasn’t yet happened.
Canada
Privacy breach possibly affects 100s of Yukon gov’t workers: Department spokesperson
Roughly 400 Yukon government employees may have been affected by a recent privacy breach, according to a spokesperson at the Department of Finance.
Asia Pacific
Importance of cyber liability insurance
Many business people mistakenly think their general liability insurance will protect them in the event of a cyber attack. In most cases, it won’t, and the losses can be devastating. That’s why cyber insurance is important.
A look at the data breaches that rocked India in 2021 on World Password Day
With COVID-19, came digitization. With digitization, came contactless services, work from home and, an unforeseen boost in online services. Millions of users started registering for ecommerce, fintech, grocery delivery, healthtech, and more, adding to the burgeoning databases of businesses and organizations. And with all this, came cybersecurity threats.
Ransomware Hits Australian Telecom Provider Telstra’s Partner
A ransomware gang claims to have stolen SIM card data and banking information in an attack on Schepisi Communications, a service provider to Australian telecommunications company Telstra, local news outlet News.com reported.
‘Data breach’ reportedly exposes 345K sensitive SolGen documents
The Office of the Solicitor General of the Philippines suffered an alleged “data breach”, making some 345,000 sensitive documents accessible to the public for at least two months, London-based security firm TurgenSec said.
