CYBER SECURITY NEWS – WEEK OF APRIL 29, 2024

Kaiser Permanente: Data breach may impact 13.4 million patients

Healthcare provider Kaiser Permanente disclosed a data security incident that may impact 13.4 million patients in the United States.
The breach occurred in April 2024 and involved the exposure of protected health information (PHI) and personally identifiable information (PII) of Kaiser Permanente patients.
The compromised data included patients’ first and last names, medical record numbers, dates of service, and laboratory test results. However, sensitive information like Social Security numbers and credit card details were not affected.
Kaiser Permanente took immediate action, including resetting the employee’s email password and providing additional training on safe email practices.

The BSNL data breach in 2024 appears to be a resurgence of a previous breach, raising concerns over user privacy and the cybersecurity readiness of the Indian telecom provider.
According to the reports, the latest breach has resulted in the exposure of 2.9 million user records on the dark web
While the details of the new breach are still emerging, the recurrence of such incidents suggests that BSNL may have failed to adequately address the underlying security vulnerabilities from the earlier breach
The impact of this data leak could be significant, potentially compromising the personal information of a large number of BSNL customers.

Debt collection agency Financial Business and Consumer Solutions (FBCS) reported a data breach affecting nearly 2 million individuals.
The breach, discovered on February 26, 2024, involved unauthorized access to certain systems in the FBCS network. During the breach period from February 14 to February 26, a third party accessed and potentially viewed or accessed information, including names, dates of birth, Social Security numbers, and account details.
FBCS has not found evidence of misuse of the compromised information but is providing the affected individuals with 12 months of free credit monitoring services.

The Change Healthcare cyberattack involved a ransomware incident that targeted UnitedHealth Group’s subsidiary, Change Healthcare, resulting in a compromise of personal information.
UnitedHealth confirmed paying a ransom, estimated at around $22 million in bitcoin, to protect patient data.
The cyberattack impacted various healthcare operations, with significant disruptions reported in claims submissions and billing processes for physician practices.
The breach exposed protected health information (PHI) and personally identifiable information (PII), potentially affecting a large portion of the American population.

The cyberattack on Volkswagen, suspected to be orchestrated by Chinese hackers, involved the theft of sensitive data over a multi-year period, spanning from 2010 to 2015.
The stolen information, described as “explosive,” included details on Volkswagen’s internal operations, such as development plans for gasoline engines and e-mobility initiatives.
Investigations revealed that the hackers meticulously planned the attack, exfiltrating approximately 19,000 documents related to emerging technologies crucial for Volkswagen’s global competitiveness.