An insurance provider that services many state Medicaid agencies and the Children's Health Insurance Program told regulators that hackers compromised the personal and protected health information of nearly 9 million patients in an incident discovered in March.
A practice management software firm has agreed to pay a $550,000 fine and implement a comprehensive data security program to settle an enforcement action by New York state regulators after a 2020 ransomware attack that affected 1.2 million individuals nationwide, including 428,000 New Yorkers.
Home healthcare equipment firm Apria Healthcare is notifying nearly 1.9 million individuals of a hacking incident discovered in September 2021 that affected information dating back to mid-2019. The company says the breach was related to an attempt to fraudulently obtain funds from Apria.
In this week's data breach roundup: the Philadelphia Inquirer, Swiss multinational ABB, French electronics manufacturer Lacroix, the U.S. Department of Transportation employee data and more. Dallas is still recovering from a ransomware attack and researchers infiltrated a ransomware group.
The attorneys general of four states have smacked vision care provider EyeMed Vision Care with a $2.5 million fine as part of a settlement in the aftermath of a 2020 email phishing incident that affected 2.1 million individuals in the United States.
A rural Utah healthcare provider is notifying more than one hundred thousand individuals of a cybersecurity incident. Hackers may have accessed or stolen patient data of 103,974 patients who received care between March 2012 and last November.
Cloud-based electronic health records vendor NextGen Healthcare is notifying more than 1 million individuals of a data compromise involving stolen credentials. The data breach appears to be at least the second alleged data security incident the company has investigated since January.
The security of hundreds of MSI products is at risk due to hackers leaking private code signing keys stolen during a data breach last month. The signing keys allow an attacker to push malicious firmware updates under the guise of regular BIOS update processes with MSI update tools.
As the cyberthreat and regulatory landscapes are evolving, so too are the data security and privacy priorities of healthcare sector entities, said Taylor Lehmann, director, Office of the CISO, Google Cloud, who explains how organizations can respond to the challenges.
In light of former Uber CSO Joe Sullivan's sentencing, five cybersecurity executives from distinct walks of cybersecurity discuss how professionals can protect themselves from personal liability for making business decisions while doing what's best for their organization.
In the days between April 27 and May 4, the spotlight was on: a Royal ransomware attack on Dallas, Telecom giant T-Mobile's second breach in 2023, a ransomware attack disrupting water services in half a dozen southern Italian towns, a German IT services provider and the Atomic macOS Stealer.
The lack of proper monitoring and logging can make it difficult for companies to effectively address breaches. Many companies do not have logs turned on or do not properly configure them to track and record what is necessary. Without logs, the response to a breach can be significantly slower.
The guilty verdict against Joe Sullivan, former chief security officer of Uber, has generated much discussion about CISO accountability for disclosures of breaches. How should CISOs be preparing to deal with this responsibility? Kirsten Davies, CISO at Unilever, said communication is crucial.
The high-profile Equifax breach happened nearly six years ago. Jamil Farshchi, CISO of Equifax, discusses how the firm invested $1.5 billion, hired new staff and improved governance to prevent future attacks, but he says security organizations need to enter a new era of cooperation and transparency.
According to findings from the Identity Theft Resource Center's 2023 Q1 Data Breach Report, the number of publicly reported data compromises decreased, but the number of data breaches with no actionable information about the root cause of the compromise grew.