Cyber Risk News

We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hackers encrypt New York orthopedic practice’s IT systems, AmeriFirst Financial Inc. Warns Customers of December Data Breach, City of Chicago Emails Stolen During Data Transfer To Law Firm, and more.

Ransomware

‘Jugular’ of the U.S. fuel pipeline system shuts down after cyberattack

The infiltration of a major fuel pipeline is “the most significant, successful attack on energy infrastructure we know of.”

Click to read entire article.

What We Know About Scripps Health Cyberattack

One of San Diego’s main health care systems, Scripps Health, had its technology servers hacked on May 1

Click to read entire article.

Reported ransomware attack leads to weeks of Aprima EHR outages

Some customers describe being unable to access their clinic schedules, chart notes, refill requests or incoming test results, among other issues

Click to read entire article.

Hackers encrypt New York orthopedic practice’s IT systems, remove patient files

Some customers describe being unable to access their clinic schedules, chart notes, refill requests or incoming test results, among other issues

Click to read entire article.

Research

51% of Organizations Have Experienced a Data Breach Caused by a Third-party, New Report Finds

SecureLink and Ponemon Institute research finds remote access is becoming an organization’s weakest attack surface

Click to read entire article.

Financial Services

AmeriFirst Financial Inc. Warns Customers of December Data Breach

The personal loan information of certain #AmeriFirst Financial, Inc.*, customers has been compromised, according to the bank’s “data security incident” notification. AmeriFirst said it discovered the breach on April 12, 2021, which infiltrated the bank’s data storage from Dec. 2 to Dec. 10, 2020.

Click to read entire article.

Mobile Apps

Millions of users’ data at risk after parking app security breach

ALEXANDRIA, Va.— A recent cyber breach may have put some basic personal information at risk for those who use the ParkMobile app. Earlier this spring, the popular wireless parking company announced a “third-party software” vulnerability led to the breach.

Click to read entire article.

Public Entities

Cybercriminals potentially accessed data of 10,000 people in Brevard School Board breach

Cyber criminals could have accessed the identifying information of about 10,000 people last year through the email accounts of 12 Brevard County School Board employees, a school district spokesperson said Friday.

Click to read entire article.

City of Chicago Emails Stolen During Data Transfer To Law Firm

While transferring files to the Jones Daily law firm, email messages sent or received by four former city employees over the past two years were hacked. The city’s physical computers and network system were not compromised, officials said.

Click to read entire article.

Healthcare

Lawsuit Filed Over Contact Tracing Data Breach

A federal lawsuit has been filed against Pennsylvania and a vendor contracted by the state’s Department of Health (DOH) over a data breach that exposed the personal health information (PHI) of thousands of Pennsylvanians. The DOH hired Atlanta-based company Insight Global in 2020 “to provide contact tracing and other similar services” following the outbreak of COVID-19. The Department later said that employees of the company caused a data breach by creating “unauthorized documents outside of the secure data systems created by the Commonwealth.”

Click to read entire article.

Lawsuit alleges Google left millions of users’ contact tracing data public

A lawsuit seeking class-action status alleges that Google’s COVID-19 contact tracing tool exposed system logs of millions of users’ protected health information to potentially hundreds of third parties. The lawsuit, which was filed April 27, said Google co-created the Google-Apple exposure notification system to assist local and state agencies in deploying apps for mobile devices to conduct COVID-19 contact tracing.

Click to read entire article.

UF Health records breach affects more than 1,500

An email announcement said a former employee accessed medical records “outside the scope of their duties” but did not specify who the worker was or what role he or she filled. Associate Director of UF Health Communications, Megan Kimmel MacPherson, said employment information was confidential.

Click to read entire article.

(CaptureRX-related) Brownsville health center experiences data breach, patient data accessed

According to a release, the Brownsville Community Health Center (BCHC) was informed by CaptureRx, a former subcontractor with the center, that a data incident occurred on April 7. The incident led to 4,256 patients served by BCHC having their information accessed without authorization.

Click to read entire article.

(CaptureRX-related) A breach of patient information included limited data on 17,655 patients of Faxton St. Luke’s Healthcare

UTICA, N.Y. – Faxton St. Luke’s Healthcare (FSLH), an affiliate of the Mohawk Valley Health System (MVHS), was notified on March 30, 2021, that Capture RX, a third party business associate, experienced a data breach on Feb. 6, 2021.

Click to read entire article.

Tri-Cities Pharmacies offer free credit monitoring services after email breach

TRI-CITIES, WA – RX Pharmacy, LTC and RX Pharmacies says their email has been hacked after detecting suspicious activity and protected health information and/or personal information has potentially been compromised.

Click to read entire article.

Trade Secrets

CultureMap Houston Files $17 Million Trade Secret Suit Against PaperCity

PaperCity is accused of profiting from trade secrets that were allegedly stolen from CultureMap.

Click to read entire article.

Cyber Insurance

What physicians need to know about cyber liability insurance

As the threat of being hacked increases, more health care providers are purchasing cyber liability insurance to protect against data breaches or online attacks.

Click to read entire article.

Legal Rulings

Alert: Second Circuit Rules Individuals Have Standing to Sue for ‘Increased Risk’ of Identity Theft

The United States Court of Appeals for the Second Circuit held that where personal information is disclosed without authorization, impacted individuals may have standing to sue if they can show an “increased risk” of identity theft or fraud, even if this hasn’t yet happened.

Click to read entire article.

Canada

Privacy breach possibly affects 100s of Yukon gov’t workers: Department spokesperson

Roughly 400 Yukon government employees may have been affected by a recent privacy breach, according to a spokesperson at the Department of Finance.

Click to read entire article.

Asia Pacific

Importance of cyber liability insurance

Many business people mistakenly think their general liability insurance will protect them in the event of a cyber attack. In most cases, it won’t, and the losses can be devastating. That’s why cyber insurance is important.

Click to read entire article.

A look at the data breaches that rocked India in 2021 on World Password Day

With COVID-19, came digitization. With digitization, came contactless services, work from home and, an unforeseen boost in online services. Millions of users started registering for ecommerce, fintech, grocery delivery, healthtech, and more, adding to the burgeoning databases of businesses and organizations. And with all this, came cybersecurity threats.

Click to read entire article.

Ransomware Hits Australian Telecom Provider Telstra’s Partner

A ransomware gang claims to have stolen SIM card data and banking information in an attack on Schepisi Communications, a service provider to Australian telecommunications company Telstra, local news outlet News.com reported.

Click to read entire article.

‘Data breach’ reportedly exposes 345K sensitive SolGen documents

The Office of the Solicitor General of the Philippines suffered an alleged “data breach”, making some 345,000 sensitive documents accessible to the public for at least two months, London-based security firm TurgenSec said.

Click to read entire article.


Vol. 232 – May 19, 2021

Download 2024 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download

© 2024 NetDiligence All Rights Reserved.