Jan 222018

When I saw that Monticello Central School District in New York had submitted a breach notification to the Vermont Attorney General’s Office and it mentioned phishing, I thought we might have our very first W-2 phishing incident of 2018.

But no, it seems that the school district is reporting a phishing incident that they believe happened on or about November 1, 2017. And it doesn’t appear to be W-2 data, either, as they say the personal information was name, address, date of birth, and Social Security number. An FAQ on the incident indicates that for some people, driver’s license number was also involved.

The district made arrangements with IDExperts to provide services to those affected, although the district says it has no evidence of any misuse of the information.

Read the notification here (pdf). They do not indicate when this breach was first discovered or how, or how many employees may have been affected, but the FAQ by IDExperts on the incident indicates that 2,598 individuals were affected.

Jan 222018

Pedes Orange County, Inc. in California shares their medical facility with another medical group that  conducts surgical procedures. To coordinate, it seems that they share a scheduling tool with other medical professionals in their building.

Somehow – and it’s not yet clear to me how this happened in terms of access controls – a physician from another medical group accessed Pedes’ EMR records database “without permission and disclosed the database materials to their attorney.”

According to their data breach notification, the incident was discovered on November 14 (and they do not explain how they discovered it or when it unauthorized access first began), they we have been working with the unauthorized individual to destroy all patient medical information that was accessed without permission, which for some patients, may have included name, medical diagnosis, medical treatments, dates of medical service, and other treatment related information.

The notification does not indicate how many patients had their information improperly accessed.

DataBreaches.net sent Pedes a few questions through their on-site contact form, but has received no response as yet. This post may be updated as more information becomes available.


Update: This was reported to HHS as impacting 917 patients, but this site still has a number of questions about this incident and hopes Pedes responds.


Jan 222018

It was one of those deja vu experiences I’m increasingly likely to have these days. I read a breach notification template that involved health insurance information, made a note of it in my compilation worksheet for Protenus, and was going about my other work when I read another notification template that was identical – except for the number of individuals being notified and the name of the firm making the notification.

Both notification templates – from Corovan Corporation and Employer Leasing – are signed by Kimberly Kamencik,  Chief Financial Officer.

Both notification letters describe the same incident – files being inadvertently exposed on a company server and indexed by Google sometime between September 14 and September 18, 2017. Both letters say that they started notifying impacted individuals on November 7, but then ongoing investigation revealed addition individuals who needed to be notified, so a second batch of notification letters was being sent out this month:

Corovan Corporation provided notice to approximately 440 California residents on November 7, 2017. However, Corovan Corporation identified an additional 293 impacted California residents during its continued investigation into this incident. Corovan Corporation is now providing notice of this incident to the California Attorney General because the November 7, 2017 notice to impacted individuals did not exceed 500 California residents.

On January 16, 2018, Corovan began providing written notice of this incident to those additional 293 impacted California residents.

— from Corovan notification, and:

Employer Leasing provided notice to approximately 193 California residents on November 7, 2017. However, Employer Leasing identified an additional 624 impacted California residents during its continued investigation into this incident.

Employer Leasing is now providing notice of this incident to the California Attorney General because the November 7, 2017 notice to impacted individuals did not exceed 500 California residents.

On January 16, 2018, Employer Leasing began providing written notice of this incident to those six hundred twenty-four (624) additional California residents.

— from Employer Leasing notification

 I wonder if there are any more companies that will submit the same incident.

Jan 222018

Julie Wootton-Greener reports that Jerome School District in Idaho is still working on recovering from a ransomware attack that they discovered on December 11. Readers may recall that at the time, the ransom amount was the equivalent of USD $65,000 and the district decided not to pay it as they felt they could recover from backups.

The Jerome School District has now been able to restore its most of its computer systems, such as payroll and its student database.

“We have the critical data restored for the most part,” Layne said.

About 95 percent of processes are functional, but there are still some connectivity issues, such as with a food service computer program and PowerSchool, a student management system.

Read more on Reading Eagle.

Jan 202018

The arrest last week of a former CIA officer suspected of spying for China exposed one of the most significant intelligence breaches in American history. But the damage is even worse than first reported, sources familiar with the matter tell NBC News.

A secret FBI–CIA task force investigating the case concluded that the Chinese government penetrated the CIA’s method of clandestine communication with its spies, using that knowledge to arrest and execute at least 20 CIA informants, according to multiple current and former government officials.

American officials suspect China then shared that information with Russia, which employed it to expose, arrest and possibly even kill American spies in that country, said the current and former officials, who declined to be named discussing a highly sensitive matter.

Read more on NBC.

via @Reka_Niewidka