Security and Scaremongering

posted by Roy Schestowitz on Apr 03, 2023

• Jefferson Co. School System victim of ransomware attack during Spring Break

  A ransomware attack targeted the Jefferson County School System over Spring Break.

  A news release states the district’s technology team took immediate steps to stop the attack and notified state and local authorities. Preliminary investigations have not revealed any evidence of a breach of sensitive personally identifiable information. However, the district will continue to investigate any possibility of compromised data and notify stakeholders accordingly if discovered. Outside cybersecurity experts and law enforcement officials are assisting.

• Employee and patient files from Montgomery General Hospital leaked by ransomware group

  DataBreaches has not reviewed the entire leak but has seen employee-related files with personnel and payroll information for former and current employees, such as Social Security numbers, pay rate, etc., patient files with medical histories, diagnoses, treatment plans, test results, and health insurance billing records with policy information, dates of services, CPT codes, and amounts charged. No large employee-related or EMR databases were seen in the cursory review of files.

  DataBreaches will continue to monitor the situation, but it is already clear that MGH will have some notifications to make to employees, patients, and regulators.

• Winnti APT Hackers Attack Linux Servers With New Malware ‘Mélofée’ [Ed: This focuses not on how such malware gets installed in the first place, likely not at all because of Linux]