WEEK OF JULY 18, 2022
Healthcare provider exposed transplant donor and recipient data
- The Virginia Commonwealth University Health System (VCU) has warned almost 4500 transplant participants about a privacy breach affecting their healthcare information.
- The company warned that some transplant recipients’ medical records contained their donor’s information, while recipient information also showed up in some donors’ records.
- It has been inappropriately exposing this information since 2006 in some cases.
- Information available included names, Social Security numbers, lab results, medical record numbers, the dates of medical procedures and dates of birth. In total, 4441 people were affected, it stated.
Tenet Health sued after affiliate hack, health data theft impacting 1.2M
- Filed in the District Court of Dallas County, the suit claims the stolen data was not encrypted ahead of the cyberattack.
- It should be noted that under the Health Insurance Portability and Accountability Act data encryption is not required if the provider has a documented, alternative security mechanism in place.
- The patient who filed the lawsuit is seeking $1 million in monetary relief for the class action and claims his individual damages are less than $75,000.
Colorado Springs Utilities warns customers of data disclosure
- According to a letter sent to customers, data stored by a subcontractor of Utilities was “accessed by an unauthorized party” June 15.
- The information included names, addresses, Colorado Springs Utilities account numbers, email addresses and phone numbers. Roughly 200,000 accounts were in the file that was accessed.
- Given that no sensitive, proprietary or confidential data such as social security numbers or credit card numbers were stolen, Utilities said the occurrence is not defined as a data breach.
Hackers nab $8m in Ethereum via Uniswap phishing attack
- After gaining access to Uniswap LPs via a malicious airdrop contract, hackers stole more than 7,500 in Ethereum.
- The phishing scam promised a free airdrop of 400 UNI tokens (worth approximately $2,200).
- Users were asked to connect their crypto wallets and sign the transaction to claim the malicious airdrop. Upon connection, the unknown hacker grabbed user funds through a malicious smart contract.
- To date, more than 74,000 wallets have interacted with the phishing scam smart contract, according to data from Etherscan.
Lithuanian energy firm experiences DDoS
- Even as the attack has subsided, the Ignitis Group warned that threat actors continued to probe for an opening.
- Lithuania has faced a spate of intensive DDoS attacks over the past few weeks from Russia-supporting hacktivist groups.
- A top Ministry of National Defense official earlier this month tweeted that Russia has placed his country under intensive DDoS pressure, saying Lithuania will “give a diplomatic response and … hold those responsible accountable.” different vendor, and that it is working on improving security and mitigating cyber risks.
Iranian steel companies targeted, crucial documents made public
- Predatory Sparrow, also known as Gonjeshke Darande, has taken full responsibility for the cyberattacks on several Iranian steel facilities last month and has now released the first batch of top-secret documents on its Twitter handle.
- Even while the group insists that the attacks are autonomous, it is speculated that the Israeli government is backing the group.
- However, it’s not the first time that the group has claimed responsibility for attacks against Iranian facilities.
- The group released a cache of roughly 20 gigabytes of data. It contains corporate documents that reveal the steel facilities’ connection to Iran’s powerful Islamic Revolutionary Guard Corps.