Anna Mahan reports: Multiple UAH email accounts were compromised through a phishing attempt in January, that’s confirmed by the UAH Office of Information Technology. Some emails impacted did contain personal information such as name, date of birth, or social security number. However, school officials say there was no server or directory impacted and no credit card or banking information was included. Read more on WAFF.
Molly Crane-Newman reports: An Alabama man accused of stealing more than $150,000 in cryptocurrency through a large-scale SIM swapping scheme that targeted Manhattan residents was hit with a host of charges on Wednesday. Joseph Chase Oaks, 22, faces grand larceny, identity theft, computer trespass, computer tampering, scheme to defraud, and other related charges for his scam that targeted hundreds of unwitting victims, prosecutors said at his arraignment. Read more on New York Daily News.
Sara Merken reports on a lawsuit stemming from a ransomware attack last year that potentially impacted almost 400,000 patients: A federal judge in Alabama dismissed a proposed class action against a major provider of dental services for children in the state that suffered a ransomware attack last year, concluding the plaintiffs lacked standing. U.S. District Judge R. Austin Huffaker Jr on Thursday tossed the case, which was brought against Sarrell Regional Dental Center for Public Health Inc by patient Lindsey Blahous on behalf of herself and her three minor children. Read more on Reuters.
WPMI reports that an app developed to help Alabamians apply for unemployment benefits and check on their status was exposing personal information: Our sister station WBMA in Birmingham did some digging and found out that new app exposed the personal information of unemployment applicants to others. Rhonda Jones says when she tried to view her daughter’s documents that she uploaded, she saw someone else’s name, social security number, address, bank account and bank routing numbers and how much money he made on his tax return. Read more on NBC15.
Feroze Dhanoa reports: Hackers gained access to some UAB Medicine employee email accounts exposing the protected health information of 20,000 patients, the hospital said this week. UAB Medicine is notifying the affected patients that their information could have potentially been seen by the hackers. Read more on Patch
Kate Reilly reports: Three hospitals in Alabama remained closed Wednesday “to all but the most critical new patients” due to a ransomware attack that disrupted medical care. “A criminal is limiting our ability to use our computer systems in exchange for an as-yet unknown payment,” the DCH Health System said in a statement on Tuesday. “Our hospitals have implemented our emergency procedures to ensure safe and efficient operations in the event technology dependent on computers is not available.” The system’s three hospitals — DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center — will proceed with planned elective procedures and surgeries on Wednesday and will continue caring for any patients who were already staying in the hospitals. Read more on Time.
Nicole Fierro reports that in addition to the Springhill Medical Center, steel Blastech Mobile has also been crippled by a ransomware attack. According to an employee interviewed by NBC: “They actually told us we’ve been cyber attacked and somebody has money held over our CEO’s head,” they said, adding “I don’t know the exact amount but it’s in the millions for them to get the system back.” That doesn’t sound likely as a ransom amount, but it does seem as if the entity has been seriously impacted. Blastech offered the following comment to NBC: We became aware of a cyberattack across our network a few days ago and are currently investigating the source of the attack. This incident has severely impacted our systems and operations, including email and phone service. We are currently working to get all business operations and services back online as quickly as possible. Our employees continue to be our first priority. We provided all employees with an update on this situation earlier in the week and we will continue to communicate with them as the situation develops. We are also investigating whether customer information was compromised, and we will be reaching out to any impacted customers as developments warrant. This is a complex situation that continues to develop. We are monitoring progress on a daily, if not hourly, basis and continue to work in the best interests of our customers and our employees. Read more on NBC15.
Tuscaloosa News reports: The University of Alabama says a 2009 computer security incident involving a server for Brewer-Porch Children’s Center may have exposed some personal information for about 1,400 former clients, employees and medical providers. In June, staff preparing an old server for disposal discovered unauthorized login activity between Oct. 24, 2009, and Dec. 9, 2009, from outside the United States. The incident could affect any Brewer-Porch client who received services from Brewer-Porch between Sept. 27, 2002, and Dec. 9, 2009, and any employees and medical providers working for Brewer-Porch during that same time period. Read more on Tuscaloosa News. On a positive note, it sounds like they did a good job of preparing an old server for disposal if they found evidence of a 10-year hack and didn’t try to just cover things up. Kudos to them for disclosing this old incident and for following notification obligations that apply to notify the 727 former clients whose personal and medical information was on the server as well as the 641 former employees and providers whose SSN and other personal and employment-related information were on the server.
The Alabama Baptist reports: A data breach at the International Mission Board (IMB) may have exposed personal information of current and former employees, volunteers and applicants. The IMB began a “comprehensive response” immediately upon discovering the cyber security incident on April 11 and promptly notified law enforcement officials, according to a statement released to Baptist Press on July 16. Read more on The Alabama Baptist. The IMB breach has been reported to the California Attorney General’s Office as a hacking incident that occurred on February 14 and was discovered on April 11. The hacker would have been able to access: name, address, telephone number, email address, Social Security number, date of birth, and possibly limited health information.The incident did not impact IMB’s financial or email systems. Although that report indicated that 4,663 California residents were being notified of the incident, the report did not indicate the total number nationwide, and based on this news report from Alabama, the nationwide total will presumably be much higher, as IMB was unable to determine exactly whose data was accessed and prudently opted for notifying everyone who might be impacted.
Cody Long reports: The Alabama Board of Education and Escambia County Board of Education are investigating after school administrators found discrepancies in students’ grade reports in East Brewton. Escambia County Superintendent John Knott confirms there were changes to students’ grades at W.S. Neal High School. The discrepancies were discovered when the school was finalizing the Top 10 students. Knott reported it immediately to the Alabama Board of Education. Read more on WKRG.