We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: ransomware attacks continue to grow in number and severity, more lawsuits in the healthcare and retail sectors, a severe security breach (web skimming attack) of an online school accounting platform, a big breach in the technology sector, and the UK’s ICO fines Dixons Carphone the maximum possible amount. Don’t miss the items in ORANGE below.
Patients impacted by the 10-day EHR downtime at DCH Health in Alabama have filed a class-action lawsuit, claiming a ransomware attack on the three hospitals disrupted their medical care. Click to read entire article.
It may take several days to recover from a ransomware attack that has shuttered the online network linking all branches Contra Costa County Library branches and the Martinez administrative offices, the system said Friday evening. Click to read entire article.
Truckstop.com said ransomware was behind a weeklong outage that affected sites including its load board, online carrier safety vetting and payment services. The outage hit at least seven sites owned by Truckstop.com. The affected services include the app-based load board, factoring, carrier onboarding, RFP tool, real-time freight monitoring, SaferWatch and ShipperMate. Click to read entire article.
Albany International Airport announced this week that its administrative computers had been locked down by a crypto virus on Christmas Day. Click to read entire article.
The Saskatchewan Cancer Agency has “disconnected” itself from the province’s electronic health care records system in the wake of a ransomware attack that has crippled administrative operations throughout the province. Click to read entire article.
About a month before Wawa disclosed a data breach exposing customers’ credit and debit card numbers, the nation’s largest credit card network warned that hackers were targeting gas stations to steal payment card information. Click to read entire article.
Wawa has been hit with a wave of lawsuits claiming the company failed to protect consumers from a massive data breach that exposed their credit and debit card information. Click to read entire article.
The Houston-based company owns and operates more than 60 restaurant chains nationwide, and wrote that the data breach likely affected cards swiped between March 13 and Oct. 17, 2019. Click to read entire article.
The city of Aurora is warning water customers about a data breach involving one of their payment systems. They say customers who used the ‘Click2Gov’ system to submit one-time or to setup recurring payments between around August 30th–October 14th of 2019 may be affected. Click to read entire article.
Klamath County is warning those with ties to the Veterans Service Office of a data breach of an employee’s email account in mid-September that an investigation found affected people’s personal information. Click to read entire article.
Las Vegas officials said that that a cyber attack breached the city’s computer systems, but it wasn’t immediately clear if any sensitive data was compromised. Click to read entire article.
Active Network, a company that provides web-based school accounting software for K-12 schools and districts, disclosed a severe security breach earlier this week. The US-based company said hackers gained access to Blue Bear, a software platform that facilitates administration and management of school accounting, student fees, and online stores on behalf of schools and other educational institutions. Click to read entire article.
U.S. cryptocurrency exchange Poloniex has suffered a data leak and is enforcing a mandatory password change for all its users to prevent hackers from gaining access to their accounts. Click to read entire article.
In December, LifeLabs discovered that the information of 15 million consumers may have been exposed after an unauthorized third-party gained access to its computer system. The computer systems stored consumers’ names, addresses, emails, logins, passwords, dates of birth, healthcare numbers and lab test results. Click to read entire article.
The Supreme Court of Georgia revived a lawsuit accusing Athens (Ga.) Orthopedic Clinic of negligence for a 2016 patient data breach, according to court documents filed Dec. 23. Click to read entire article.
Kalispell Regional Healthcare is facing a second lawsuit over its handling of a data breach last year of up to 130,000 patients’ medical and financial information. Court documents allege the hospital was negligent in its cyber security practices and put patients at risk by not immediately alerting them about the breach. Click to read entire article.
According to a statement, Sinai Health System (Sinai) became aware of a potential data security incident that may have resulted in the in advertent exposure of some patients’ personal and health information. On October 16, 2019, forensic information technology experts determined that patient information could be at risk after an unknown third party gained unauthorized access to two employee email accounts. Click to read entire article.
The healthcare data of 500 Roosevelt General Hospital patients was exposed by a malware infection; phishing attacks, ransomware, and insider wrongdoing complete this week’s breach roundup. Click to read entire article.
A data breach at the Centers for Medicare and Medicaid Services has affected the protected health information of about 10,000 Medicare beneficiaries and 30 applications. Early analysis suggests that the leak of information was a result of a series of missed opportunities by CMS and a third-party application partner. Click to read entire article.
Banner Health is a non-profit healthcare organization based in Phoenix, Arizona. It operates a total of 34 hospitals and specialized facilities across six states. Banner employs over 50,000 employees. Recently, Banner agreed to settle a data breach lawsuit for $6 million. Click to read entire article.
The numbers that usually glow with exchange rates on Travelex boards in airports worldwide have gone dark, after the London-based currency exchange company was forced to go offline after it discovered a ransomware attack on Dec. 31. Click to read entire article.
MSUFCU says it notified affected customers via phone, email or text yesterday (Jan. 1, 2020) about the suspicious activity, which has been reported as unauthorized international transactions on their cards. Click to read entire article.
Camera information, Wi-Fi network details and email addresses of customers were exposed from Dec. 4 to Dec. 27, the executives said. Click to read entire article.
Dixons Carphone has been hit with the maximum possible fine after the tills in its shops were compromised by a cyber-attack that affected at least 14 million people. Click to read entire article.