We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: UPMC settles data breach lawsuit for $450K, Social Security numbers from 1.1 million patients leaked, Ransomware attack caused ongoing Napa Valley College internet and phone system outage, CafePress Fined $500,000 After Massive Data Breach, and more.

Ransomware

Conti ransomware finally shuts down data leak, negotiation sites

The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand. Click to read entire article.

PracticeMax Notifies More California Consumers About Data Breach

On June 10, 2022, PracticeMax, an Arizona-based company that provides billing, business management and registration services to hospitals, physician offices, and other health care entities, reported a data breach to the California Attorney General’s Office affecting over 154,000 people nationwide. Click to read entire article.

Financial Services

Flagstar class action alleges bank failed to safeguard customer information in data breach

Flagstar Bank failed to secure the private and personally identifiable information (PII) of around 1.5 million of its customers during a December 2021 data breach, a new class action lawsuit alleges. Click to read entire article.

Healthcare

Multiple Class Action Lawsuits Filed Against MCG Health Over Data Breach

Multiple class action lawsuits have been filed against the Seattle-based Hearst Health subsidiary, MCG Health, over a data breach that has affected at least 10 healthcare organizations including Indiana University Health, Lenoir Health Care, Phelps Health, and Jefferson County Health Center. The breach notification issued to the Maine Attorney General indicates the protected health information of up to 1.1 million patients was potentially obtained by an unauthorized third party in the attack. Click to read entire article.

Covenant Care’s Data Breach Continues to Grow Across California

On June 22, 2022, Covenant Care California, LLC issued a third Data Breach Notice to the California Office of the Attorney General, as the list of affected health care facilities operated by the Covenant Care data breach continues to expand. Click to read entire article.

Medical Review Institute of America Dodges Data Breach Claims

Medical Review Institute of America escaped claims that it was negligent in securing customer’s personal health data, as a federal judge ruled that the plaintiff lacks standing to bring the breach suit. Click to read entire article.

UPMC settles data breach lawsuit for $450K

University of Pittsburgh Medical Center agreed to a $450,000 settlement to resolve allegations relating to a 2020 data breach that compromised the protected health information of about 36,000 patients, The National Law Review reported June 16. Click to read entire article.

Social Security numbers from 1.1 million patients leaked in 2020 Indiana University hospital breach

The sensitive information of 1.1 million patients served by Indiana University Health hospital was leaked in a data breach that took place in 2020, according to notification letters sent out by a vendor of the hospital. Click to read entire article.

Travel

Carnival hit with $5 million fine over cyber security violations

The cruise line operator was criticized for failing to implement multi-factor authentication and failing to conduct cyber security training for its staff. Click to read entire article.

Higher Education

Ransomware attack caused ongoing Napa Valley College internet and phone system outage

The Napa Valley College website and network systems were knocked offline as the result of a ransomware attack roughly two weeks ago, a spokesperson for the school has confirmed. Click to read entire article.

Simpson University Reports Data Breach of Medical, Financial and Student Information

Public notice sent out 10 months after breach. On June 10, 2022, Simpson University, a private university in Redding, California, reported that an unauthorized party gained access to certain Simpson University employee email accounts between July 29, 2021 and September 17, 2021. Click to read entire article.

Staffing

Robert Half International, Inc. Reports Data Breach Affecting Consumers’ Social Security Numbers

Recently, Robert Half International, Inc. confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on the company’s network. According to Robert Half, the breach resulted in the names and Social Security numbers of certain individuals being compromised. On June 14, 2022. Click to read entire article.

Retail

CafePress Fined $500,000 After Massive Data Breach

A leading US regulator has fined CafePress half a million dollars following a 2019 data breach that impacted 23 million customers. Click to read entire article.

Asia Pacific

Hackers steal $100 mn in crypto from Harmony Blockchain bridge

New Delhi: Hackers have stolen at least $100 million worth digital tokens from Harmony, the crypto startup behind Horizon Blockchain Bridge which allows users to transfer their crypto assets from one Blockchain to another. Click to read entire article.