We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: MOVEit Health Data Breach Tally Keeps Growing, National Grid Customer Data Exposed in ‘Cyber Incident’, Atomic Wallet Faces Class Action Lawsuit Over $100 Million Crypto Hack Losses, Scraped Data of 2.6 Million Duolingo Users Released, and more.
Meta Pixel
How Much Health Systems Are Paying to Settle Pixel Lawsuits
Hospitals and health systems around the country are being sued for their use of the Meta Pixel, which plaintiffs say shared their protected health information with the tech giant, allowing it to tailor ads based on their medical conditions. Currently, more than 18 hospitals and health systems are facing lawsuits for allegedly installing the pixel technology on their websites and patient portals. Here is how much two health systems are paying to settle those suits:
- Advocate Aurora Health, dually headquartered in Downers Grove, Ill., and Milwaukee, agreed to pay a $12.25 million settlement after it was hit with multiple lawsuits about pixel tracking technology that was placed on its website and patient portals.
- Milwaukee-based Froedtert Health reached a $2 million settlement in a patient-led lawsuit that accused the health system of sharing patient data from MyChart with Facebook.
Ransomware Corner
MOVEit Health Data Breach Tally Keeps Growing
An estimated 748 organizations have suffered data compromises by MOVEit hacks instigated by the Clop criminal group, which unleashed a highly automated mass attack around May 29, likely timed to take advantage of the U.S. Memorial Day holiday weekend. The group came into possession of a zero-day vulnerability in Progress Software’s MOVEit file transfer application. The hackers have affected between 44.3 million and 49.1 million individuals worldwide, according to German cybersecurity firm KonBriefing.
CloudNordic, AzeroCloud Hit by Severe Ransomware Attacks
Major ransomware attacks impacted Danish cloud hosting companies CloudNordic and AzeroCloud, both of which have the same parent firm, on Aug. 18, resulting in the total loss of most customers’ data and a complete system shutdown, according to BleepingComputer.
Tampa General Faces 3 Data Breach Lawsuits
Tampa (Fla.) General is facing three lawsuits for a May 31 data breach that affected 1.2 million patients, Florida Record reported Aug. 22. Three proposed federal class-action lawsuits have been filed against the health system in the U.S. District Court for the Middle District of Florida. The lawsuits allege that Tampa General was negligent in protecting patients’ health information from a ransomware attack.
3 Week Biz Interruption! CharterCARE Computers Back Online After Ransomware Attack
CharterCARE, Rhode Island’s third largest hospital group and part of the national Prospect Medical Holdings network of hospitals, has its computer system back up and running after three weeks.
FBI
FBI disrupts cybercrime operation by wiping malicious programs from hundreds of thousands of computers
The FBI quietly wiped malicious programs from more than 700,000 computers around the world in recent days, the agency said, part of an operation to take down a major component of the cybercrime ecosystem.
Cybersecurity
The MGM Resorts is Operational After Cybersecurity Issue
MGM Resorts has shut down some of its systems as a result of a “cybersecurity issue,” according to a recent company social media post. The company later posted an update, saying that its resorts’ dining, entertainment, and gaming “are currently operational.” The statement also thanked guests for their patience, saying, “our guests remain able to access their hotel rooms.” However, the statement did not specify the status of its systems, whether these operations were being handled manually, or whether some properties are still accepting cash only.
Critical Infrastructure
National Grid Customer Data Exposed in ‘Cyber Incident,’ Utility Says
National Grid is the latest company to report a serious data breach due to a flawed computer program from Burlington-based Progress Software. The utility company recently issued a warning to customers that their names, account numbers, contact details, and utility usage had been exposed in a data breach.
Healthcare
Fewer, but Larger, Healthcare Data Breaches Reported in 2023 With Hackers Often Targeting 3rd Parties
The 308 healthcare data breaches reported to the federal government from January through June represent a 15% sequential decline from the back half of 2022’s 363, according to the report.
Alexander EMS Suffers Data Breach, Notices Being Mailed
EMS Management and Consultants, Inc. (“EMS|MC”) recently notified Alexander County EMS of an incident that may have impacted some information related to certain patients. On May 31, 2023, and again in June 2023, Progress Software Corp. publicly disclosed that its MOVEit Transfer tool had been compromised. Our billing services provider, EMS Management and Consultants Inc. (“EMS|MC”), is a user of that tool.
The Harris Center for Mental Health and IDD Notifies Nearly 600k Individuals of Vendor Data Breach
On August 17, 2023, the Harris Center for Mental Health and IDD (“the Harris Center”) filed a notice with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that one of the organization’s vendors experienced a data breach related to a vulnerability in the MOVEit file transfer application. In this notice, the Harris Center explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, dates of birth, Social Security numbers, health insurance information, and protected health information.
Higher Education
University of Minnesota Investigating Claims of Big Data Breach
The University of Minnesota launched the investigation in late July after the tech journal The Cyber Express reported claims that a hacker had potentially gained access to more than 7 million Social Security numbers.
Financial Services
MidFirst Bank Files Notice of Data Breach Impacting Consumers’ Social Security Numbers
On August 22, 2023, MidFirst Bank filed a notice of data breach with the Attorney General of Texas after discovering that consumer information that had been entrusted to the company was subject to unauthorized access. In this notice, MidFirst Bank explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers and financial account information.
Public Entity
Virginia Department of Medical Assistance Services Announces Data Breach Affecting Over 423k Individuals
On August 9, 2023, the Virginia Department of Medical Assistance Services filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that confidential information in its possession was subject to unauthorized access.
Crypto Fraud
Atomic Wallet Faces Class Action Lawsuit Over $100 Million Crypto Hack Losses
A group of high-net-worth investors from Russia and the Commonwealth of Independent States has launched a class action against Atomic Wallet following a $100 million heist that has left investors reeling. The legal action is being coordinated by German lawyer Max Gutbrod and Boris Feldman, a co-founder of Moscow firm Destra Legal.
Language
Scraped Data of 2.6 Million Duolingo Users Released on Hacking Forum
The scraped data of 2.6 million Duolingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information. Duolingo is one of the largest language learning sites in the world, with over 74 million monthly users worldwide.
EU/UK
Minister for Finance Seeks Assurances From Central Bank After Data Breach
The Minister for Finance has said it is important for him to receive an assurance from the Central Bank of Ireland that it will not repeat an error which potentially impacted the ability of thousands of borrowers to access credit.
Asia Pacific
Multiple Australian Charities Have Had Donor Information Leaked Onto the Dark Web
Pareto Phone, a Brisbane-based telemarketing company that contacts potential donors on behalf of charities, was hacked by cybercriminals in April. As a result, thousands of Australians’ information has been leaked to the dark web.