Strac Weekly Newsletter

01.

Medical Imaging Patients Exposed in Cyber Incident

East River Medical Imaging (ERMI) experienced a data security incident that was detected on September 20. The threat actors gained access to the network, copying various documents containing sensitive information such as names, contact details, insurance information, Social Security numbers, exam and procedure details, imaging results, and physician information. ERMI initiated an incident response process, collaborating with cybersecurity experts and law enforcement.

02.

How Hackers Phish for Your Users' Credentials and Sell Them

This article discusses the increasing threat of stolen credentials in cybercrime, emphasizing that a single set of compromised credentials can jeopardize an entire organizational network. According to the 2023 Verizon Data Breach Investigation Report, external parties, responsible for 83% of breaches between November 2021 and October 2022, were involved in 49% of these breaches by stealing credentials.

03.

Kentucky Hospital Chain Notifying 2.5 Million of Data Theft

Kentucky-based hospital chain Norton Healthcare is notifying millions of individuals that their information may have been exfiltrated in a cyber attack detected seven months ago. The attack was allegedly claimed by the Russian-speaking ransomware-as-a-service group Alphv/BlackCat, which reported the data theft in May.

04.

What Really Happens In a Data Breach (and What You Can Do About It)

The article discusses the implications of data breaches, especially when sensitive information is stolen. It highlights the importance of safeguarding encrypted data vaults and the risks associated with compromised credentials.

05.

Attor­ney Gen­er­al Ken Pax­ton Obtains Set­tle­ment with Black­baud Requir­ing Over­haul of its Data Secu­ri­ty Pri­va­cy Practices

Texas Attorney General Ken Paxton has reached a settlement with software provider Blackbaud over a 2020 data breach affecting over 13,000 customers, including educational institutions, healthcare groups, cultural organizations, and nonprofits.
The breach exposed sensitive data such as Social Security numbers, government IDs, financial information, protected health information, and donor demographics.