[Security News] Data Breaches from healthcare and engineering industries;OneBlood Bank, Cencora, HealthEquity, and McDowall
Sugust 07, 2024
1. Pharma Giant Cencora confirmed the theft of personal and health information
Pharmaceutical giant Cencora confirmed that the threat actors had access to personally identifiable information (PII) and protected health information (PHI) following the February 2024 cyberattack. On February 21, Cencora announced a data breach in a filing with the Securities and Exchange Commission (SEC). At the time, the company announced that it was investigating the scope of the security breach to determine the type of data that has been infiltrated. In a new filing with the Securities and Exchange Commission (SEC), the company reported that the amount of exfiltrated data is greater than what was initially identified.
Source : Security Affairs, SC Media, Infosecurity Magazine
2. Ransomware Attack Hits OneBlood Blood Bank, Disrupts Medical Operations
The organization, which provides blood services to more than 300 hospitals in Florida, Georgia and the Carolinas, said the security breach impacted its software system and slowed down operations. “Manual processes take significantly longer to perform and impact inventory availability. In an effort to further manage the blood supply we have asked the more than 250 hospitals we serve to activate their critical blood shortage protocols and to remain in that status for the time being,” Forbes added. OneBlood said it is working closely with anti-malware specialists and federal, state and local agencies as part of their incident response plan.
Sources: Security Week, Security Affairs, CNN, Bleeping Computer
3. HealthEquity says data breach impacts 4.3 million people
HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. An investigation determined that the breach occurred on March 9, 2024, but was only verified by the firm on June 26, following an internal investigation. The data that has been exposed as a result of this breach varies per individual and includes: Full names, Home address, Telephone number, Employer and employee ID, Social Security Number (SSN), General dependent information, Payment card information (not numbers).
Source : Bleeping Computer, Tech Radar, Tech Crunch
4. McDowall Affleck Confirms ‘Cyber Incident’ After RansomHub Claims Access to 470 GB Data
McDowall Affleck, an Australian engineering firm, has acknowledged being the target of a “cyber incident.” While the company has not identified a specific threat actor, the RansomHub ransomware group claimed responsibility for the McDowall Affleck cyberattack on August 1, 2024. The alleged perpetrator behind the attack, RansomHub, is a notorious ransomware group known for high-profile attacks. Details of the McDowall Affleck cyberattack were shared on a dark web site linked to the threat actor. According to RansomHub’s own communication, the group claims to have accessed 470 GB of McDowall Affleck’s internal data. The leaked information reportedly includes critical documents, insurance records, tender and contract details, and personal information of both employees and clients.
Source : The Cyber Express, Teiss, Cyber Daily
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: iSIGN+
Car, Energy, Factory, City Solutions: Penta IoT Security
Click here for inquiries regarding the partner system of Penta Security
Check out the product lines of Cloudbric by Penta Security:
Cloud-based Fully Managed WAAP: Cloudbric WAF+
Agent based Zero Trust Network Access Solution: Cloudbric PAS
Agentless Zero Trust Network Access Solution: Cloudbric RAS
Blockchain: Blockchain Security Solution
Click here for inquiries regarding the partner system of Cloudbric