We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting more ransomware attacks, a $5 billion class action lawsuit, lots of healthcare breaches, more lawsuits, and Ecuador pushing to pass data privacy legislation after a massive data breach. Don’t miss the items in ORANGE below.
Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, says a new study. Click to read entire article.
A newly discovered variant of MegaCortex ransomware goes well beyond just encrypting victims’ files — it also changes their Windows passwords and threatens to publish their stolen data if they fail to pay. Click to read entire article.
SmarterASP.NET, a company with more than 440,000 customers, said it’s been hit by ransomware over the weekend. Click to read entire article.
The Ontario Superior Court of Justice has certified a class-action lawsuit related to the 2017 Nissan privacy data breach to proceed. In 2017, Nissan Canada said it was the victim of a data breach that exposed the personal financial information of about 1.13 million customers.Click to read entire article.
Michael Fus, individually and on behalf of all others, filed a lawsuit against CafePress Inc. in the U.S. District Court for the Northern District of Illinois on Oct. 4 alleging negligence and violation of the Illinois Personal Information Protection Act, Illinois Consumer Fraud Act and the Illinois Uniform Deceptive Trade Practices Act. Click to read entire article.
Marriott International Inc. has recently warned of a security breach affecting some associates. Precisely, the incident exposed the Social Security Numbers of the associates to an unknown attacker. Click to read entire article.
A DoorDash user in New York alleges the company breached its duty of care by failing to safeguard the information of its users and drivers. The suit states DoorDash experienced a data breach in May of this year, causing private information of its at least 4.9 million users to be at risk of getting into the wrong hands. Nelson alleges that 100,000 drivers for the defendant had driver’s license details hacked as well. Click to read entire article.
Purcellville Town Council held an emergency session Saturday afternoon to discuss letters that were recently received by about 1,800 people informing them of a data security breach in the Town of Purcellville. Click to read entire article.
Companies that do business in California can expect to see class action litigation if they become the victim of a data breach, but showing a good cybersecurity posture and implementing arbitration agreements may be the best defense. Click to read entire article.
The federal government has slapped the Texas Health and Human Services Commission with a $1.6 million fine for a data breach that made the personal health information of 6,617 people available online. Click to read entire article.
Florida Blue announced Nov. 8 that it is notifying less than 1 percent of its members that their information my have been exposed in a data breach at a third-party vendor, according to The St. Augustine Record. Magellan Health informed Florida Blue that the personal information of some of its members may have been affected after a May phishing attack. An employee at Magellan had fallen victim to a phishing attack. Click to read entire article.
A Mount Dora medical company caught an employee trying to sell patient information earlier this year, according to a statement sent Friday. Click to read entire article.
Veritas Genetics, a DNA testing startup, has stated a knowledge breach resulted in unauthorized entry of some buyer data. The Danvers, Mass.-based mostly firm stated its customer-facing portal had “not too long ago” been breached however didn’t say when. Click to read entire article.
According to Salem Health, they learned on August 1,2019 that an unauthorized individual had gained access to some employee email accounts on July 31. To date, says Salem Health, they do not know if the bad actor viewed any emails and attachments in the accounts that would identify patients whose information is contained in the accounts. Click to read entire article.
On July 8, Delta Dental management became aware of of suspicious activity related to an employee’s email account, according to a Delta Dental statement released Nov. 8. An investigation found an employee fell victim to an email phishing scheme that allowed an unauthorized user to gain access to the email account on July 8.. Click to read entire article.
The private information of nearly 44,000 TennCare members may have been stolen by a hacker who breached the email system of the agency’s pharmacy management vendor, officials announced on Friday. Click to read entire article.
In a statement on the company’s website, InterMed said it discovered in September that an unauthorized third party had gained access to four employee email accounts. Upon investigation, InterMed could not determine what messages or attachments were viewed. Patient data that may have been exposed included names, dates of birth, health insurance information and clinical information. A limited number of Social Security numbers may have also been exposed. Click to read entire article.
Black Book Research finds nearly all health IT professionals say threat actors are outpacing security tech and processes; those data breaches will cost the sector $4B by the end of the year. Click to read entire article.
Canada’s largest financial cooperative now says a June data breach was more than 50% larger than first believed. Click to read entire article.
In the last 12 months, the personal information of approximately 28 million Canadians was affected by corporate hacks or mismanagement, according to the Office of the Privacy Commissioner of Canada (OPC). Click to read entire article.
Ecuador is pushing to pass a privacy law after the massive data breach that affected more than 20 million individuals. Click to read entire article.
…The banking giant says that a single file dating back to 2015 has been compromised, thereby revealing some personally identifiable information (PII) of nearly 3 million customers. Click to read entire article.
The City of Johannesburg suffered a computer network system breach two weeks ago. Customers could not access online services such as the City’s website and e-services, and the billing centre and call centre were compromised. Click to read entire article.