Mage Data strengthens its data security posture with the ISO 27001 certification. READ MORE >




WEEK OF JULY 18, 2022


Healthcare provider exposed transplant donor and recipient data

  • The Virginia Commonwealth University Health System (VCU) has warned almost 4500 transplant participants about a privacy breach affecting their healthcare information.
  • The company warned that some transplant recipients’ medical records contained their donor’s information, while recipient information also showed up in some donors’ records.
  • It has been inappropriately exposing this information since 2006 in some cases.
  • Information available included names, Social Security numbers, lab results, medical record numbers, the dates of medical procedures and dates of birth. In total, 4441 people were affected, it stated.

*Source

Tenet Health sued after affiliate hack, health data theft impacting 1.2M

  • Filed in the District Court of Dallas County, the suit claims the stolen data was not encrypted ahead of the cyberattack.
  • It should be noted that under the Health Insurance Portability and Accountability Act data encryption is not required if the provider has a documented, alternative security mechanism in place.
  • The patient who filed the lawsuit is seeking $1 million in monetary relief for the class action and claims his individual damages are less than $75,000.

*Source

Colorado Springs Utilities warns customers of data disclosure

  • According to a letter sent to customers, data stored by a subcontractor of Utilities was “accessed by an unauthorized party” June 15.
  • The information included names, addresses, Colorado Springs Utilities account numbers, email addresses and phone numbers. Roughly 200,000 accounts were in the file that was accessed.
  • Given that no sensitive, proprietary or confidential data such as social security numbers or credit card numbers were stolen, Utilities said the occurrence is not defined as a data breach.

*Source

Hackers nab $8m in Ethereum via Uniswap phishing attack

  • After gaining access to Uniswap LPs via a malicious airdrop contract, hackers stole more than 7,500 in Ethereum.
  • The phishing scam promised a free airdrop of 400 UNI tokens (worth approximately $2,200).
  • Users were asked to connect their crypto wallets and sign the transaction to claim the malicious airdrop. Upon connection, the unknown hacker grabbed user funds through a malicious smart contract.
  • To date, more than 74,000 wallets have interacted with the phishing scam smart contract, according to data from Etherscan.

*Source

Lithuanian energy firm experiences DDoS

  • Even as the attack has subsided, the Ignitis Group warned that threat actors continued to probe for an opening.
  • Lithuania has faced a spate of intensive DDoS attacks over the past few weeks from Russia-supporting hacktivist groups.
  • A top Ministry of National Defense official earlier this month tweeted that Russia has placed his country under intensive DDoS pressure, saying Lithuania will “give a diplomatic response and … hold those responsible accountable.” different vendor, and that it is working on improving security and mitigating cyber risks.

*Source 

Iranian steel companies targeted, crucial documents made public

  • Predatory Sparrow, also known as Gonjeshke Darande, has taken full responsibility for the cyberattacks on several Iranian steel facilities last month and has now released the first batch of top-secret documents on its Twitter handle.
  • Even while the group insists that the attacks are autonomous, it is speculated that the Israeli government is backing the group.
  • However, it’s not the first time that the group has claimed responsibility for attacks against Iranian facilities.
  • The group released a cache of roughly 20 gigabytes of data. It contains corporate documents that reveal the steel facilities’ connection to Iran’s powerful Islamic Revolutionary Guard Corps.

*Source 

SECUREFACT ARCHIVE >