At a glance.
- Fertility app overshared, the FTC alleges.
- Dunghill ransomware compromises Gentex data.
- Data breach disclosed at United Health Services of Delaware.
Fertility app overshared, the FTC alleges.
TechCrunch reports that popular fertility tracking app Premom non-consensually shared sensitive health data with third-party advertisers. The cycle tracker developed by Easy Healthcare reportedly shared data on “hundreds of thousands“ of users. Not only did the information include location data, but it also contained details about “their sexual and reproductive health, parental and pregnancy status, as well as other information about an individuals’ physical health conditions and status.” The Federal Trade Commission (FTC) said that this data sharing violated the company's own privacy policies, which promised the sharing of only “non-identifiable data” with third parties.
A proposed settlement from the US Department of Justice has Easy Healthcare paying a $100,000 civil penalty for violation of the FTC’s Health Breach Notification Rule. $100,000 will also go to Connecticut, Oregon, and Washington DC, as they aided in the investigation.
Dunghill ransomware compromises Gentex data.
TechTarget reports that Michigan’s Gentex Corporation suffered a data breach caused by a ransomware attack, the company confirmed. The outlet received an email from an alleged operator of the Dunghill ransomware group with claims of breaching Gentex. Included in the email was a link to a Tor site containing “5 TB of sensitive corporate data, including emails, client documents and the personal data of 10,000 Gentex employees such as Social Security numbers.” TechTarget did not view or download the data, however, when they reached out to Gentex, the company confirmed the breach. It remains unknown when the breach occurred, however, it appears that it may have been a few months ago, and never saw public disclosure.
Data breach disclosed at United Health Services of Delaware.
United Health Services (UHS) of Delaware has filed a notice of a third-party data breach with the Montana Attorney General's office, JD Supra reports. According to the filing, a vendor had experienced a cyberattack that compromised the sensitive information of UHS of Delaware patients. Affected information included the full names of customers, account numbers, medical record numbers, admission dates, and discharge dates, among a few others. JD Supra reports that an investigation uncovered a user’s email address that was compromised in a phishing attack, which allowed access to all emails and attachments within the account. All impacted individuals have been sent a letter from the healthcare provider notifying them of the breach.