We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Microsoft Data Breach Exposed Customer Data of 65,000 Organizations, U-M Cyberattack Hits 33K Patients, A Judge Has Finalized the $63M OPM Hack Settlement,T-Mobile’s $350 Million Data Breach Settlement, and more.

Ransomware Corner

Ascension St. Vincent’s Coastal Cardiology Announces Data Breach Stemming from Recent Ransomware Attack

On October 14, 2022, Ascension St. Vincent’s Coastal Cardiology filed an official notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company experienced a ransomware attack targeting a legacy computer system. According to St. Vincent’s Coastal Cardiology, the breach resulted in patients’ names, Social Security numbers, addresses, email addresses, phone numbers, insurance information, clinical information, and billing and insurance information being compromised. Click to read entire article.

25% of Ransomware Attacks Aimed at Healthcare Industry, FBI Says*

The healthcare sector has been hit with 25 percent of ransomware attacks so far in 2022, according to FBI data. Click to read entire article.

*Visit Your Cyber Insurer’s eRiskHub Portal for Continuous FBI Cyber Alerts

Ransomware Attempt Caused Statewide Arvig Outage

PARK RAPIDS, Minn. — An attempted ransomware attack against a Minnesota internet provider led to statewide service outage on Tuesday, Oct. 25. Perham, Minnesota-based Arvig on Tuesday afternoon announced that services had been restored, and advised customers to try rebooting their equipment if they were still experiencing connectivity issues. Click to read entire article.

Tech

Microsoft Data Breach Exposed Customer Data of 65,000 Organizations, Redmond Lashes Out at Security Firm

Threat intelligence firm SOCRadar reported that a Microsoft customer data breach affected hundreds of thousands of users from thousands of entities worldwide. Dubbed BlueBleed Part 1, the Microsoft data leak exposed at least 2.4 terabytes of sensitive data belonging to 65,000 entities in 111 countries. Click to read entire article.

Healthcare

Class Action Follows Data Breach at Multistate Radiology Practice

Patients whose private data may have been stolen by a cyberprowler last December have filed a class action lawsuit against the radiology practice whose IT systems may have been hacked. That would be 80-hospital, investor-backed US Radiology Specialists (USRS) based in Raleigh, N.C. Click to read entire article.

UnitedHealthcare Faces Lawsuit Over Rhode Island Data Breach

The ACLU of Rhode Island has filed a lawsuit against UnitedHealthcare of New England and the Rhode Island Public Transit Authority over a 2021 data breach that compromised the data of more than 20,000 former and current state employees, the Providence Journal reported Oct. 25. Click to read entire article.

U-M Cyberattack Hits 33K Patients

The personal information of about 33,850 Michigan Medicine patients was compromised through a phishing scheme that targeted employee emails, the Ann Arbor-based health system announced Thursday. Cyberattackers were able to get names, medical record numbers, addresses, dates of birth, diagnostic and treatment information and/or health insurance information of some of the patients. Click to read entire article.

Hacker Compromises Social Security Numbers of 980 Patients at Minnesota Hospital

Saint Paul, Minn.-based Regions Hospital is notifying 980 patients that some of their personal information has been compromised due to an August data breach. Click to read entire article.

Telecom

T-Mobile’s $350 Million Data Breach Settlement: Find Out If You Could Be Owed Money

After millions of customers’ personal information was exposed, T-Mobile agreed to a near-record payout. Click to read entire article.

Privacy Liability

Google Faces Another State Attorney General Lawsuit as Texas Claims Unlawful Collection of Biometric Data

Hot on the heels of a $85 million settlement in Arizona, and amidst suits in several other states over its location tracking practices, Google faces more state-level legal trouble as the Texas attorney general’s office is taking it to court for violating a state biometric privacy law that has been active for over a decade. Click to read entire article.

Public Entity

A Judge Has Finalized the $63M OPM Hack Settlement. Feds Now Have Two Months to Sign Up for Damages.

So far, more than 19,000 data breach victims are seeking payouts of up to $10,000. Click to read entire article.

Cybersecurity Expert Says IHA Hack Costs Could Top $5 Million

INDIANAPOLIS — It’s been three weeks since FOX59 broke the story of a ransomware attack on the Indianapolis Housing Agency that shut down the agency’s email and information system and put the personal data of 25,000 residents, vendors and Section 8 landlords at risk. Click to read entire article.

Asia Pacific

Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers’ Data

Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack. Click to read entire article.