We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Hive Ransomware extorted over $100M in ransom payments, Medibank hacker releases more private health information, Forefront Dermatology data breach $3.75M class action settlement, A Ransomware Attack Hit Two Michigan Schools, and more.
Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies
The authorities reported that from June 2021 through at least November 2022, threat actors employed the Hive ransomware in attacks aimed at a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH). Click to read entire article.
Forefront Dermatology data breach $3.75M class action settlement
Forefront Dermatology will pay $3.75 million to resolve claims it failed to protect patient and employee information from a 2021 data breach. The settlement benefits consumers whose personal information was compromised in a May 2021 ransomware attack on Forefront Dermatology. Click to read entire article.
Community Health Network notifying patients about data breach
INDIANAPOLIS — Community Health Network is notifying patients of a possible data breach. The hospital system discovered third-party tracking technologies on some of its websites, including the MyChart patient portal, and on some of its appointment scheduling sites. Click to read entire article.
NewYork-Presbyterian Hospital Notifies 12K of Healthcare Data Breach
Along with NewYork-Presbyterian Hospital, Gateway Ambulatory Surgery Center and CorrectCare Integrated Health also reported healthcare data breaches recently. Click to read entire article.
A Ransomware Attack Hit Two Michigan Schools
In response to a ransomware attack, two Michigan school districts have shuttered. Kevin Oxley, the superintendent of the Jackson County Intermediate School District, announced that until Wednesday school would remain closed. Click to read entire article.
County of Tehama, Calif., Identifies and Addresses Data Security Incident
RED BLUFF, Calif., Nov. 17, 2022 /PRNewswire/ — Today, the County of Tehama, California announced that it has addressed a data security incident that resulted in unauthorized access to files on its systems. Click to read entire article.
Data breach impacts 5.3k Sacramento County Correctional Health patients
SACRAMENTO, Calif. — For nearly five months, thousands of Sacramento County Correctional Health patients had their information exposed to the public internet in a data breach by a county contractor, Sacramento County announced Thursday. Click to read entire article.
Davaco data breach $540K class action settlement
Davaco is a project-management firm that assists its clients in developing and maintaining projects. The company has reportedly provided services to brands such as Target, Sephora, Home Depot, Starbucks and more. According to a class action lawsuit, Davaco failed to protect employee data from third parties — resulting in a ransomware data breach in June 2021. The breach allegedly compromised sensitive employee information, including names, Social Security numbers and identification card numbers. Click to read entire article.
Counsel in Capital One Data Breach Suit Awarded $53.2 Million
The lawyers responsible for obtaining a $190 million class action settlement in litigation against Capital One Financial Corp. over a 2019 data breach will recover $53.2 million in fees, according to an order by the US District Court for the Eastern District of Virginia. Click to read entire article.
Old Point National Bank Announces Data Breach Compromising Customers’ Social Security Numbers and Bank Account Numbers
On November 9, 2022, Old Point National Bank reported a data breach with the Montana Attorney General after the company learned that an unauthorized party was able to access an employee’s email account that contained sensitive information belonging to certain bank customers. According to Old Point, the breach resulted in the names, driver’s license numbers and photos, Social Security numbers, and bank account numbers and balances being compromised. Click to read entire article.
Middletown Valley Bank Reports Data Breach Following Unauthorized Access to Computer Network
On November 14, 2022, Middletown Valley Bank reported a data breach with the Montana Attorney General after the company discovered that an unauthorized party had gained access to files on the bank’s computer network containing sensitive consumer information. According to Middletown Valley Bank, the breach resulted in the following consumer data being leaked: names, financial account numbers, Social Security numbers, driver’s license numbers, passport numbers, and other identifying information that was provided then when applying for products or services. Click to read entire article.
AAA Collections, Inc. Files Notice of Data Breach After Unauthorized Party Accessed the Company’s Computer System
On November 16, 2022, AAA Collections, Inc. reported a data breach with the Montana Attorney General’s Office after the company learned that an unauthorized party was able to access sensitive consumer data contained on its computer system. Click to read entire article.
The Rosewood Corporation Files Notice of Data Breach, Leaking Consumers’ Social Security Numbers
According to Rosewood, the breach resulted in the names, addresses, Social Security numbers, driver’s license numbers, government identification numbers, and health insurance information belonging to certain individuals being compromised. Click to read entire article.
Medibank hacker releases more private health information
The hacker, or hackers, behind the Medibank cyber attack have re-emerged after several days of online silence, releasing more private health information on the Dark Web. Click to read entire article.
Five Million AirAsia Passengers And Employees Personal Data Might Be Compromised
Multiple reports from the cybersecurity world have noted that AirAsia may have become the latest victim of the Daixin ransomware group. The attack apparently took place over a period of two days earlier this month and has resulted in the leakage of personal data belonging to 5 million unique passengers as well as all of the group’s employees. Click to read entire article.
Farrer Park Hospital fined $58,000 over data breach affecting medical information of 2,000 people
Personal details of about 3,500 people were automatically forwarded from two hospital employees’ email accounts to a third party. Click to read entire article.