IT Security Incidents
Stay informed about real-world incidents that impact organizations and individuals. Get insights into data breaches, hacking attempts, and distributed denial-of-service (DDoS) attacks, along with expert analysis and recommended countermeasures.
Kaseya Security Update Resolves Vulnerabilities Exploited in KSA Ransomware Attack
Kaseya has reported a security update published for the Kaseya KSA remote management and tracking software program to resolve the zero-day vulnerabilities, which the REvil ransomware gang fairly recently exploited in attacks on its customers … Read more
Exploit Available for ‘PrintNightmare’ Zero-Day Windows Print Spooler RCE Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has given a notification after a proof of concept (PoC) exploit had been published for a zero-day vulnerability identified in the Windows Print Spooler service. The vulnerability was … Read more
Data Breaches at Arizona Asthma and Allergy Institute, Stillwater Medical Center and Nebraska Department of Health and Human Services
Arizona Asthma and Allergy Institute sent breach notification letters to 70,372 patients who obtained services between October 1, 2015 and June 15, 2020. As per the breach notice, a selection of their personal data and … Read more
Third-Party Phishing Attack Impacts Around 34,862 Lafourche Medical Group Patients
Urgent care center operator Lafourche Medical Group located in Louisiana has informed 34,862 patients regarding a security breach that likely impacted their protected health information (PHI). Lafourche Medical Group discovered on March 30, 2021 that … Read more
420,433 People Affected by Health Plan of San Joaquin Email Security Breach
Health Plan of San Joaquin (HPSJ), which is a not-for-profit service provider of Medi-Cal managed care based in French Camp, CA, learned that an unauthorized individual has obtained access to its email system and likely … Read more
President Biden Signs Expansive Executive Order to Enhance Federal Networks Cybersecurity
On May 13, 2021, President Biden signed a comprehensive Executive Order that seeks to appreciably strengthen cybersecurity protections for federal systems, enhance threat information sharing between the private sector, the government, and law enforcement, and … Read more
Hackers Stole the PHI of Over 200,000 Washington D.C. Health Plan Members
CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC) is notifying its members with regards to a cyberattack that resulted in the theft of their protected health information (PHI). CHPDC, previously known as Trusted … Read more
Over 1.2 Million Health Net Members Impacted by Cyberattack on Accellion
A number of healthcare companies have lately affirmed they were impacted by the Accellion cyberattack last December 2020. The attack was connected to the Clop ransomware gang since its leak website had published parts of … Read more
Data Breaches at California Department of State Hospitals and Eyemart Express
The Department of State Hospitals (DSH) in California has learned a worker obtained access to the protected health information (PHI) of 1,415 present/former patients and 617 personnel without consent. The employee had an Information Technology … Read more
Phishing Attack on Saint Alphonsus Health System, Saint Agnes Medical Center and Southeastern Minnesota Center for Independent Living
Due to a phishing attack encountered by Saint Alphonsus Health System based in Boise, ID, the information of its patients was potentially compromised, including the data of patients of Saint Agnes Medical Center located in … Read more
100% of Screened mHealth Applications Prone to API Attacks
The personally identifiable health information of a huge number of people is being compromised by means of the Application Programming Interfaces (APIs) employed by mobile health (mHealth) apps, reported by a current study shared by … Read more
Ransomware Attacks on Ramsey County and Crisp Regional Health Services and Vulnerability in Vaccine Scheduling Application
The County Manager’s Office of Ramsey County, MN has begun informing 8,700 customers of its Family Health Division regarding the potential access of some of their personal data by unauthorized persons brought about by a … Read more
Emisoft Reports No Less Than 560 Ransomware Attacks on U.S. Healthcare Facilities in 2020
Ransomware attacks in 2020 had a huge impact on companies and organizations in America. Ransomware gangs targeted the healthcare and education sectors, the federal, state, and municipal governments and departments. These sectors had no less … Read more
500k PCs Infected with Cryptocurrency Mining Malware in 12 Hours by Dofoil Trojan
A huge campaign distributing the Dofoil Trojan has been discovered by Microsoft. The campaign has already witnessed almost half a million PCs infected with the malware in less than 12 hours. The Dofoil Trojan is … Read more
Ransomware Attack Disables Campbell County Health Services
A ransomware attack at Campbell County Health has disrupted hospital services and left the organization unable to access patient information. Campbell County Health, based in Gillette, Wyoming, stated that the ransomware attack began at 3:30 … Read more
Phishing Attack at East Central Indiana School Trust Affects 3,200 Individuals
East Central Indiana School Trust (ECIST) is notifying more than 3,200 individuals that a phishing attack may have compromised their protected health information (PHI). On May 22, 2019, the organization noticed suspicious activity on an … Read more
Over 70 Employee Email Accounts Compromised in Phishing Attack on NCH Healthcare System
NCH Healthcare System is preparing to notify patients that their protected health information may have been compromised in a phishing attack. On June 14, 2019, NCH Healthcare System, based in Bonita Springs, Florida, noticed suspicious … Read more
Western Connecticut Health Network Patient Information Exposed in Mailing Incident
Western Connecticut Health Network is sending breach notification letters to patients whose protected health information (PHI) may have been exposed in a postal incidence. On June 11, 2019, Western Connecticut Health Network (WCHN), now known … Read more
Hackers Targeting US Utilities Sector with Spear Phishing Campaign
Hackers impersonating the US National Council of Examiners for Engineering and Surveying (NCEES) are targeting business in the US utility sector through a new phishing campaign. Between July 19 and July 25 2019, the hackers … Read more
Perry County Medical Center Notifying Patients Following Phishing Attack
Perry County Medical Center, Inc. d/b/a Three Rivers Community Health Group, has announced that it is notifying patients following a phishing attack which saw patient data compromised. Perry Country Medical Center, a health care centre … Read more
Presbyterian Healthcare Services Notifies 183,000 Patients Following Data Breach
Presbyterian Healthcare Services is notifying 183,000 patients that an unauthorised individual accessed their personal data. The hackers gained access to the patient data after successfully fooling several employees into handing over their login credentials … Read more
Ransomware Attack at Imperial Health Affects 110,000 Patients
A ransomware attack at Imperial Health has compromised the protected health information of more than 116,000 patients. On May 19, 2019, Imperial Health, a physicians’ network in Southwest Louisiana, discovered that an unauthorized party … Read more
Wise Health Phishing Attack Affects 36,000 Patients
Wise Health System is sending breach notification letters to 36,000 patients following a phishing attack on their system. Wise Health System is a health care system with over 1,900 employees based in Decatur, Texas. The … Read more
Dominion Health Data Breach Affects 3 Million Members
Dominion National is notifying patients of a data security incident that first stated in 2010 and has affected nearly 3 million members. Dominion National is a health insurer, health plan administrator, and administrator of dental … Read more
Microsoft June 2019 Patch Tuesday
Microsoft has issued patches for 88 vulnerabilities this patch Tuesday. Of the vulnerabilities, 20 were rated critical. One servicing stack and 4 advisories were also released in the update. Microsoft stated that there was no … Read more
Microsoft May 2019 Patch Tuesday
Microsoft has issued patches for 79 vulnerabilities this May 2019 Patch Tuesday. Of the vulnerabilities, 22 were rated critical. Adobe also issued patches for 84 vulnerabilities, 50 of which were critical. One critical flaw addressed … Read more
Southern Hills Eye Care Ransomware Attack Reported
Southern Hills Eye Care in Sioux City, Iowa, has announced that a recent ransomware attack on their facility may have compromised patient PHI. Ransomware is a variant of malware that prevents which hackers use to … Read more
DePaul Reports Phishing Compromised Employee Email Account
The assisted living facility provider DePaul has announced that a successful phishing attack on its networks has compromised patient data. DePaul, which operates facilities in New York, North Carolina, and South Carolina, discovered the breach … Read more
Data Breach at Rush University Medical Center Affects 45,000 Patients
Rush University Medical Center has announced that a data breach incident at a financial services vendor has compromised the PHI of 45,000 of their patients. The financial services vendor informed Rush of the incident on … Read more
Unauthorised Individual Gains Access to St. Francis Health System Patient Data
The Bon Secours St. Francis Health System has announced that unauthorised individual gained access to some of their patients’ protected health information (PHI). The hacker compromised the systems of Milestone Family Medicine, a medical facility … Read more
ICS-CERT Issues Medical Advisory for Vulnerabilities Found in BD FACSLyric Flow Cytometry Solution
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a medical advisory about vulnerabilities found in the BD FACSLyric flow cytometry solution. ICS-CERT is a governmental organisation that works to reduce the risk … Read more
Cyberattack Disrupts Printing of Major Newspapers
An investigation has been launched into a recent cyberattack that disrupted the printing of several major newspapers. The cyberattack on Tribune Publishing, attributed to a malware infection, caused disruption to several newspaper print runs including … Read more
Cancer Centers of America Falls Victim to Phishing Attack
Cancer Centers of America’s Western Regional Medical Center in Bullhead City, Arizona, has recently fallen victim to a phishing attack which has exposed the protected health information (PHI) of over 41,000 individuals. The attack occurred … Read more
Massive Marriott Data Breach Discovered: 500 Million Guests Affected
A massive Marriott data breach has been detected which could affect as many as 500 million individuals who previously made bookings at Starwood Hotels and Resorts. While the data breach is not the largest ever … Read more
Beazley’s Publishes Breach Insights Report for Q3 2018
Beazley’s, a specialist insurance group, has released their quarterly Breach Insight Report for Q3 2018. The report concerned the attacks managed by Beazley Breach Response Services, which deals with the aftermath of an attack, including … Read more
Twin Phishing Attacks on Children’s Hospital of Philadelphia’s Results in Data Breach
Children’s Hospital of Philadelphia (CHOP) has announced that the email accounts of two employees have been compromised following cyberattacks on two August 23 and August 29, 2018. On August 24, CHOP, a paediatric healthcare facility … Read more
Reliable Respiratory Falls Victim to Phishing Attack
Reliable Respiratory, a respiratory care provider, has announced that it has fallen victim to a phishing attack. Reliable Respiratory, based in Norwood, MA, stated that IT staff discovered the breach when they detected suspicious activity … Read more
Medical Data from Closed Pennsylvania Obs/Gyn Clinic Found at Allentown Public Recycling Center
Private Medical Data has been found at a recycling center in Allentown, Pennsylvania. Paper files containing names, Social Security numbers, and medical histories, including details of cancer diagnoses and sexually transmitted diseases were located that the … Read more
12,172 Individuals Impacted by ShopRite Data Breach
Pharmacy customers of ShopRite Supermarkets, Inc. have been impacted by a security violation caused by the improper disposal of a device used to record the signatures of customers. The device was used at the ShopRite, … Read more
UAB Medicine Encounters PHI Breach Due to Missing Laptops
The UAB Medicine Viral Hepatitis Clinic located in Birmingham, AL has encountered a violation of patients’ protected health information (PHI). UAB Medicine employs the use of flash drives to shift data from its Fibroscan machine … Read more
Extortion Attack on Private Information of Sports Medicine Clients
7,000 patients of Sports Medicine & Rehabilitation Therapy (SMART) have been alerted of a possible breach of the private personal information. It is believed the breach, which involved an extortion attempt, may have impacted anyone … Read more
PHI of 932 Texas Children’s Health Plan Members’ in Email Breach
An email to the personal email account of a former employee of the Texas Children’s Health Plan has been discovered to have exposed the protected health information (PHI) of 932 members. The incident was identified … Read more
Danger of Using USB Drives to Store PHI Highlighted of Data Breach
Two USB drives holding the protected health information of almost 2,000 veterans at the Man-Grandstaff VA Medical Center in Spokane, WA have been discovered to be stolen. The two devices were storing data from a … Read more
1300 People Impacted by RiverMend Health Breach
An unauthorized person has been found to have obtained access to the email credentials of one the employees at RiverMend Health, a provider of specialty behavioral health services including services for drug and alcohol addiction. … Read more
Attackers Decrypting WiFi Traffic Thanks to KRACK WiFi Security Weakness
A WiFi security flaw in WPA2 called KRACK has been discovered in an investigation at the University of Leuven in Belgium. The KRACK WiFi security weakness affects all modern WiFi networks and could be used for … Read more
PHI Exposure May Have Happened Following Theft of Unencrypted Laptop
Exposure of patients’ protected health information may have occurred after an unencrypted laptop computer was stolen from a car belonging to an employee of Bassett Family Practice in Virginia. The theft of the laptop is … Read more
PHI of 10,500 Patients Found Exposed in Basement Owned by Psychiatrist
The medical details of over 10,000 patients of an Illinois-based psychiatrist – Dr. Riaz Baber, M.D. – have been found in the accessible basement of an Aurora property by the woman who was renting the … Read more
51,000 Plan Members Affect by Network Health Phishing Attack
Network Health, a Wisconsin-based insurer, has contact 51,232 of its plan members to advise them that some of their protected health information (PHI) hmay have been obtained by unauthorized persons. Last August, a number of Network … Read more
Cybercriminals with Nation-State Support Responsible for Yahoo Attack
InfoArmor has claimed that data from the Yahoo breach of over one billion user accounts has already been purchased on the black market by multiple third parties on numerous occasions. Although Yahoo argues that a … Read more
Global Reports of WannaCry Ransomware Attacks
There has been a huge increase in WannaCry ransomware attacks around the globe, including a new campaign being launched on Friday the 13th of May 2017. Unlike previous WannaCry ransomware attacks, the present campaign takes … Read more

























