CorrectHealth notifies employees of breach in 2021; makes changes

CorrectHealth in Georgia is a private provider of healthcare services to incarcerated individuals. In November 2021, they discovered a data breach involving some employees’ email accounts. They did not reveal when the breach occurred, and it seems it took them until July 2022 to investigate and identify the 54,066 individuals they are notifying. Nothing...

New Golang Ransomware Agenda Customizes Attacks

Mohamed Fahmy, Nathaniel Gregory Ragasa, Earle Maui Earnshaw, Bahaa Yamany, Jeffrey Francis Bonaobra, and Jay Yaneza write: We recently discovered a new piece of targeted ransomware that was created in the Go programming language and that explicitly targeted one of our customers. This was evidenced by the specific email addresses and credentials the ransomware used. Malware written...

Massive cyberattack leads to class action suit against provider chain Avamere

John Hall reports: Attorneys representing a potentially large group of residents and employees of nursing home behemoth Avamere Holdings announced they have filed a class action suit accusing the long-term care provider of failing to protect its residents and staff from a massive cyberattack. The operator faces the class-action lawsuit over a data breach believed to have affected...

Laptop at centre of probe into massive 2017 phone data leak

FMT reporters: Police are investigating new evidence linked to a data leak about five years ago that reportedly involved 46 million Malaysian mobile numbers. The new evidence is believed to revolve around the use of a highly-secure laptop computer from the premises of the Malaysian Communications and Multimedia Commission to access a server containing...

EmergeOrtho notifying 75,200 patients about ransomware incident

EmergeOrtho  in North Carolina has started sending notification letters to patients whose protected health information may have been accessed during a ransomware attack in May. According to a notification template seen by DataBreaches, EmergeOrtho discovered and blocked a ransomware attack on May 18. Their letter does not specifically state whether any files were encrypted,...

Edfinancial and OSLA student loan account registration info hacked in Nelnet breach; 2.5 million affected

Many student loan borrowers caught a huge break this week with government forgiveness of some student loan debt. But for 2.5 million student loan borrowers, the week also brought news of a breach of their contact information and Social Security numbers. Nelnet Servicing in Nebraska provides technology services to EdFinancial and OSLA, including portals...

New York medical practices hit by “Bl00dy Ransomware Gang”

Is “Bl00dy Ransomware Gang” a new ransomware group on the scene, a rebrand, or neither?   In July, a new channel appeared on Telegram called the “Bl00dy Ransomware Gang.” In August, information about alleged victims started to appear. So far, the gang has leaked some data allegedly from three victims in two incidents. In each...

Akasa Air suffers data breach

PTI reports: Akasa Air has suffered data breach resulting in access of user information by unauthorised individuals. The airline, which started operations on August 7, has apologised to its customers and has “self-reported the incident” to CERT-In, according to a communication. Read more at The Telegraph India.