We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hive Ransomware extorted over $100M in ransom payments, Medibank hacker releases more private health information, Forefront Dermatology data breach $3.75M class action settlement, A Ransomware Attack Hit Two Michigan Schools, and more.

Ransomware Corner

Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies

The authorities reported that from June 2021 through at least November 2022, threat actors employed the Hive ransomware in attacks aimed at a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH). Click to read entire article.

Healthcare

Forefront Dermatology data breach $3.75M class action settlement

Forefront Dermatology will pay $3.75 million to resolve claims it failed to protect patient and employee information from a 2021 data breach. The settlement benefits consumers whose personal information was compromised in a May 2021 ransomware attack on Forefront Dermatology. Click to read entire article.

Community Health Network notifying patients about data breach

INDIANAPOLIS — Community Health Network is notifying patients of a possible data breach. The hospital system discovered third-party tracking technologies on some of its websites, including the MyChart patient portal, and on some of its appointment scheduling sites. Click to read entire article.

NewYork-Presbyterian Hospital Notifies 12K of Healthcare Data Breach

Along with NewYork-Presbyterian Hospital, Gateway Ambulatory Surgery Center and CorrectCare Integrated Health also reported healthcare data breaches recently. Click to read entire article.

Public Entity

A Ransomware Attack Hit Two Michigan Schools

In response to a ransomware attack, two Michigan school districts have shuttered. Kevin Oxley, the superintendent of the Jackson County Intermediate School District, announced that until Wednesday school would remain closed. Click to read entire article.

County of Tehama, Calif., Identifies and Addresses Data Security Incident

RED BLUFF, Calif., Nov. 17, 2022 /PRNewswire/ — Today, the County of Tehama, California announced that it has addressed a data security incident that resulted in unauthorized access to files on its systems. Click to read entire article.

Data breach impacts 5.3k Sacramento County Correctional Health patients

SACRAMENTO, Calif. — For nearly five months, thousands of Sacramento County Correctional Health patients had their information exposed to the public internet in a data breach by a county contractor, Sacramento County announced Thursday. Click to read entire article.

Professional Services

Davaco data breach $540K class action settlement

Davaco is a project-management firm that assists its clients in developing and maintaining projects. The company has reportedly provided services to brands such as Target, Sephora, Home Depot, Starbucks and more. According to a class action lawsuit, Davaco failed to protect employee data from third parties — resulting in a ransomware data breach in June 2021. The breach allegedly compromised sensitive employee information, including names, Social Security numbers and identification card numbers. Click to read entire article.

Financial Services

Counsel in Capital One Data Breach Suit Awarded $53.2 Million

The lawyers responsible for obtaining a $190 million class action settlement in litigation against Capital One Financial Corp. over a 2019 data breach will recover $53.2 million in fees, according to an order by the US District Court for the Eastern District of Virginia. Click to read entire article.

Old Point National Bank Announces Data Breach Compromising Customers’ Social Security Numbers and Bank Account Numbers

On November 9, 2022, Old Point National Bank reported a data breach with the Montana Attorney General after the company learned that an unauthorized party was able to access an employee’s email account that contained sensitive information belonging to certain bank customers. According to Old Point, the breach resulted in the names, driver’s license numbers and photos, Social Security numbers, and bank account numbers and balances being compromised. Click to read entire article.

Middletown Valley Bank Reports Data Breach Following Unauthorized Access to Computer Network

On November 14, 2022, Middletown Valley Bank reported a data breach with the Montana Attorney General after the company discovered that an unauthorized party had gained access to files on the bank’s computer network containing sensitive consumer information. According to Middletown Valley Bank, the breach resulted in the following consumer data being leaked: names, financial account numbers, Social Security numbers, driver’s license numbers, passport numbers, and other identifying information that was provided then when applying for products or services. Click to read entire article.

AAA Collections, Inc. Files Notice of Data Breach After Unauthorized Party Accessed the Company’s Computer System

On November 16, 2022, AAA Collections, Inc. reported a data breach with the Montana Attorney General’s Office after the company learned that an unauthorized party was able to access sensitive consumer data contained on its computer system. Click to read entire article.

The Rosewood Corporation Files Notice of Data Breach, Leaking Consumers’ Social Security Numbers

According to Rosewood, the breach resulted in the names, addresses, Social Security numbers, driver’s license numbers, government identification numbers, and health insurance information belonging to certain individuals being compromised. Click to read entire article.

Asia Pacific

Medibank hacker releases more private health information

The hacker, or hackers, behind the Medibank cyber attack have re-emerged after several days of online silence, releasing more private health information on the Dark Web. Click to read entire article.

Five Million AirAsia Passengers And Employees Personal Data Might Be Compromised

Multiple reports from the cybersecurity world have noted that AirAsia may have become the latest victim of the Daixin ransomware group. The attack apparently took place over a period of two days earlier this month and has resulted in the leakage of personal data belonging to 5 million unique passengers as well as all of the group’s employees. Click to read entire article.

Farrer Park Hospital fined $58,000 over data breach affecting medical information of 2,000 people

Personal details of about 3,500 people were automatically forwarded from two hospital employees’ email accounts to a third party. Click to read entire article.