Salinas Valley Memorial Healthcare System has agreed to pay $340,000 to resolve claims lax cybersecurity resulted in a 2020 data breach. Five employee and contractor email addresses were reportedly compromised in April, May and June of 2020 through a phishing scheme.  As Salinas claimed in their notification of July 1, 2020: On April 30,...

Sergiu Gatlan reports: Attackers abused open redirects on the websites of Snapchat and American Express in a series of phishing attacks to steal Microsoft 365 credentials. Open redirects are web app weaknesses that allow threat actors to use the domains of trusted organizations and websites as temporary landing pages to simplify phishing attacks. Read more...

On August 5, RTL Nieuws reported: More than a hundred dental practices will be forced to keep their doors closed in the coming days. These are practices of Colosseum Dental Benelux, a large company with more than 130 branches in Belgium and the Netherlands. The company has been hit by a cyber attack and is going...

The following notification was first published on July 18 as a legal notice: 00110404 PUBLISH 07/18/22 – 09/02/22 Notice of Data Breach On or about February 26, 2022, the Louisiana Public Facilities Authority (LPFA) was the target of a ransomware attack by unknown persons. Our investigation indicates the attack may have gone on over...

If you know to scroll down on BHG Behavioral Health Group‘s website to their footer, you will see a small link to an undated data security incident notice. That undated notice does not reveal when Behavioral Health Group first discovered the data security incident or how they first discovered it. The notice does state,...

Adam Carros and Ethan Stein report: Leaked screenshots show the Linn-Mar School District is dealing with a ransomware attack much more severe than the “technical difficulties” the district has described to staff and parents. A staff member shared with TV9 screenshots from district computers showing a warning message stating “all your files have been...

This site generally doesn’t cover or announce new types of ransomware, but this one targets the healthcare sector, so….  Bill Toulas reports: A new ransomware family called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. The new malware...

Wordfly is a digital marketing platform that offers email, SMS marketing, forms and surveys for its clients to use with their customers or contacts. On July 10, Wordfly experienced a ransomware attack that encrypted their environment and disrupted services until July 29, when their status account tweeted: WordFly has returned to service. Thank you...

As seen on Breach Forum, U.K. High Court Judge Stephen Morris has rejected a request by the U.S. to keep Diogo Santos Coelho (aka “Omni” of RaidForums) in jail while the U.S. appeals a magistrate judge’s decision to grant him conditional bail. Coelho was arrested in January 2022, but his arrest was not announced...