At a glance.
- Victims are suing SuperCare Health for data breach.
- Okta releases statement at end of investigation into ransomware attack.
- Customer Data Exposed in PlanMember Securities Corp. Data Breach
- REvil’s name change.
Victims are suing SuperCare Health for data breach.
US respiratory care provider SuperCare Health is facing multiple lawsuits related to a data breach in July 2021 that affected more than 300,000 people. Depending on the patient, the compromised data may have included name, address, date of birth, hospital or medical group, patient account number, medical record number, health insurance information, test/diagnosis/treatment information, claim information, and, for a small subset of victims, social security number or identification number. SuperCare is accused of negligence: one lawsuit claims the organization failed to take “adequate and reasonable steps” to protect patient data and violated California medical information privacy law, the California Privacy Act, and unfair competition law. The complaint reads: “Defendant’s data security obligations were particularly significant given the substantial increase in ransomware attacks and/or data breaches in the healthcare sector prior to the date of the complaint. breach”. Another lawsuit alleges that SuperCare failed to provide victims with adequate identity theft protection services, as those exposed could be at risk of identity theft for years to come. It has also been noted that the healthcare sector has seen an unprecedented increase in data breach litigation over the past year, with law firm BakerHostetler finding that forty-three lawsuits were filed against healthcare organizations in 2021.
Okta releases statement at end of investigation into ransomware attack.
As we previously noted, US identity management company Okta, Inc. suffered a ransomware attack in January at the hands of the Lapsus$ threat group that exposed the data of several of its customers. SecurityWeek reports that Okta has concluded its investigation of the incident and terminated its relationship with Sykes/Sitel, the third-party vendor responsible for the breach. Okta’s chief information security officer, David Bradbury, released a statement yesterday saying the impact of the attack was “significantly lower than we originally anticipated”. Although Okta initially estimated that more than three hundred customers were affected, Bradbury explained that the attacker “actively monitored” a workstation belonging to a Sykes/Sitel engineer for twenty-five minutes, during which time he accessed the data of only two customers. Bradbury added, “We are making further changes to our customer support tool to narrowly limit the information a support engineer can view. These changes also provide greater transparency on when this tool is used in customer admin consoles.” VentureBeat notes that Okta faced criticism for its response to the incident, as the company disclosed the incident only in March, and only after Lapsus$ posted screenshots on Telegram as evidence of the attack. Okta admitted to mishandling communications initially, and in the most recent statement, the company says it knows “how vital it is to take steps to restore trust within our broader customer base and ecosystem.”
Customer Data Exposed in PlanMember Securities Corp. Data Breach
US financial services firm PlanMember Securities Corporation, considered one of the fifty largest independent brokers in the world, has revealed that it suffered a data breach exposing client names, social security numbers and bank account information. JDSupra reports that PlanMember, which is based in the state of California, began notifying affected individuals earlier this week. While it’s unclear how many people were affected, PlanMember Securities has about $6.2 billion in assets under management on behalf of about 50,000 clients. Victims are advised to contact any of the three major credit bureaus and monitor financial accounts for suspicious activity.
REvil’s name change.
Ransomware gangs continue to pose a threat to personal information, and therefore privacy. John Hammond, Principal Security Researcher at Huntress, has followed the developments and shared the insights/thoughts below:
“While it’s too early to tell where this came from or what the implications are, there has been some movement on the REvil ransomware gang’s online onion website ‘Happy Blog’. Historically, this was the ransomware gang’s leak site, where they publish data of their ransomware victims who refused to pay the ransom – but for some time the site was offline and REvil seemed to have disappeared from the internet.
“Now, following recent political conversations between Moscow and the United States (https://twitter.com/vxunderground/status/1516759394486263809), the original REvil domain is back online… but redirects to a new address, with a slightly different appearance (https://twitter.com/_JohnHammond/status/1516814490339262466).
“The ‘Join Us’ page (included as a screenshot and transmitted via Google Translate) suggests that new work can be done with ‘the same proven (but improved) software’, which could be a new interpretation. The contact page also explains that workers affiliated with the ransomware can work with a member of the Russian darkweb forum ‘Rutor’, ‘useransom’, whose profile is private.
“Again, it’s too early to draw any solid conclusions, but pure speculation can certainly consider this a rebranding of REvil right after the US stopped talking to Russia about taking down cybercriminals.”