Pennsylvania-based nonprofit health provider Maternal & Family Health Services has confirmed cybercriminals accessed the sensitive data of close to half a million people.
MFHS revealed last week that it had been hit by ransomware that exposed the personal data of current and former patients, employees and vendors. The healthcare giant said it was made aware of the incident on April 4, 2022 but admitted that may have been initially compromised as far back as August 21, 2021.
When asked by TechCrunch at the time, MFHS declined to confirm how many individuals were affected. However, a notification from the Maine attorney general’s office this week reported that a total of 461,070 people, including 68 Maine residents, are affected by the breach.
In a letter sent to affected residents on January 10 — more than nine months after the organization was first alerted to the ransomware incident — MFHS said that attackers accessed sensitive data, including names, addresses, date of birth, driver license numbers, Social Security numbers, usernames and passwords, health insurance and medical information, and financial information. The attackers also took credit and debit card numbers, the notification said.
It remains unclear who was behind the ransomware attack, if MFHS paid a ransom demand and why the nonprofit didn’t disclose the incident sooner. MFHS didn’t immediately respond to TechCrunch’s questions on Wednesday, and it doesn’t appear that any major ransomware group has yet claimed responsibility for the incident.
https://techcrunch.com/
Microsoft says a vulnerability it discovered in a core macOS security feature, Gatekeeper, could have allowed attackers to compromise vulnerable Macs with malware. The flaw, tracked as CVE-2022-42821, was first uncovered by Microsoft principal security researcher Jonathan Bar Or, and dubbed the “Achilles” vulnerability. Bar Or said the bug could allow malware to skirt Gatekeeper’s protections […]
Facebook-parent Meta has launched a subscription service, called Meta Verified, that will allow users to add the coveted blue check mark to their Instagram and Facebook accounts for up to $15 a month by verifying their identity, its chief executive Mark Zuckerberg said on Sunday, tapping a new revenue channel that has returned mixed success […]
After gaining access via RDP, all three threat actors encrypted files, in an investigation complicated by event log clearing and backups. 3 attackers, 2 weeks – 1 entry point. Written by Linda Smith, Rajat Wason, Syed Zaidi AUGUST 10, 2022 SECURITY OPERATIONS ACTIVE ADVERSARY PLAYBOOK BLACKCAT FEATURED HIVE LOCKBIT RANSOMWARE SOPHOS X-OPS In May 2022, an automotive supplier was hit with three separate ransomware attacks. […]
Leave a Reply