At a glance.
- TikTok’s in-app browser includes a keylogger…but the app says it’s only for debugging.
- Data breach adds insult to injury for wounded workers.
- US medical data breaches continue to rise.
TikTok’s in-app browser includes a keylogger…but the app says it’s only for debugging.
Data breach adds insult to injury for wounded workers.
The Workforce Safety & Insurance (WSI) agency of the US state of North Dakota has disclosed it experienced a cyberattack in June and that the data of nearly two hundred injured workers were exposed. The Bismarck Tribune reports that the intruder gained access to the data by infiltrating a WSI employee's email account, and the compromised machine has been secured and disconnected from the network. Analysis of the impacted machine revealed evidence of a “sophisticated phishing attack” carried out through a malicious email attachment, but fortunately the incident appears isolated to the one account. WSI has notified the affected individuals.
US medical data breaches continue to rise.
Becker’s Hospital Review notes that over eighty US medical providers were impacted by cyberattacks in August (so far) and lists eleven of the incidents reported by the Review this month. Among the reported attacks are a data breach at OneTouchPoint, a printing and mailing vendor, that impacted nearly forty healthcare organizations across the country (including household names Kaiser Permanente and Blue Cross Blue Shield), and an attack allegedly carried out by the Russian threat group the Karakurt gang affecting several health facilities in the state of Texas.
Health IT Security reports that Lamoille Health Partners, a medical facility located in the US state of Vermont, suffered a ransomware attack that compromised the data of 59,381 individuals. After detecting a network disruption, Lamoille discovered that an unauthorized third party potentially accessed and acquired patient data including names, addresses, Social Security numbers, and health insurance information. Lamoille was able to restore its systems from backups and stated that they “have no reason to believe that any personal information has been misused for the purpose of committing fraud or identity theft.”
Meanwhile in the state of Florida, Lee County Emergency Medical Services (EMS) has begun notifying an undisclosed number of individuals of a third-party data breach connected to
Intermedix Corporation, Lee County’s ambulance billing services vendor. Although Lee County EMS cut ties with Intermedix in 2014, the Lehigh Acres Citizen explains that Intermedix’s law firm Smith, Gambrell & Russell (SGR) was still in possession of Lee County data when the breach occurred. Lee County is working with Intermedix and SGR to notify individuals who may have been impacted.