Security Leftovers
-
Security updates for Monday
Security updates have been issued by Debian (chromium, cups, firefox-esr, firmware-nonfree, gerbv, jetty9, libvpx, mosquitto, open-vm-tools, python-git, python-reportlab, and trafficserver), Fedora (firefox, giflib, libvpx, libwebp, webkitgtk, and xen), Gentoo (Chromium, Google Chrome, Microsoft Edge, ClamAV, GNU Binutils, and wpa_supplicant, hostapd), Mageia (flac, giflib, indent, iperf, java, libvpx, libxml2, quictls, wireshark, and xrdp), Oracle (kernel), Slackware (libvpx and mozilla), and SUSE (bind, python, python-bugzilla, roundcubemail, seamonkey, and xen).
-
Indiana attorney general sues provider over violation of consumer protection, privacy laws
Indiana Attorney General Todd Rokita is suing a northwest Indiana medical office over a ransomware event that put personal and protected health information at risk. The lawsuit alleges the provider was aware of security concerns before the data breach.
The lawsuit filed last week against CarePointe — an ear, nose, throat, sinus and hearing provider — claims it was aware of security risks prior to a ransomware event in 2021 that exposed the information of about 45,000 Indiana patients.
The lawsuit said an IT vendor identified security concerns in a written HIPAA risk assessment in January that year. That vendor was hired in March to address the issues, but they weren’t fixed before the data breach in June.
-
MGRMC announces system hack
In a press release issued Friday, Mt. Graham Regional Medical Center announced it is dealing with a “cybersecurity incident.”
The release states the attack affected the hospital’s communication and information systems, and officials are working with law enforcement and other system experts to determine the extent of the hack, including if patient information was compromised.
-
And yet more victims in the U.S. medical sector
Earlier today, DataBreaches provided a small update on U.S. medical entities recently attacked or leaked by AlphV (BlackCat). Other groups also continue to attack health care entities.
-
Today’s interview with Umbreon is brought to you by the letter “R.”
Today’s part of the interview with the hacker known as “Umbreon” is brought to you by the letter “R.” In this case,”R” is for Restitution, Remorse and Regrets, and Reparations. As with previous segments, this was conducted by telephone over days and weeks. The transcript has been edited for length and clarity.
For those joining this series of interviews in progress, Umbreon (Pepijn van der S.) was arrested in the Netherlands in January of 2023 and has been detained since then, awaiting trial on a number of charges. When given the opportunity in June to request the court consider home detention while awaiting trial, he told the court he wanted to stay in prison so he could continue the therapy he was getting. He remains in detention awaiting trial later this month.
-
AlphV continues targeting medical sector, large and small (1)
While HIPAA does not specifically mandate notifying patients immediately if their information has been dumped on the internet for everone to grab and potentially misuse, DataBreaches continues to urge entities to issue prompt alerts so patients can assess their risk and take steps to porotect themselves.
-
AlphV starts to leak MNGI Digestive Health
On September 25, DataBreaches reported that AlphV had claimed to have attacked MNGI Digestive Health. MNGI never responded to this site’s inquiries at that time or since then.