SFBA.social

78 posts53 participants14 posts today

The New Oil<a href="https://mastodon.thenewoil.org/tags/BlueShield" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BlueShield</a> of California leaked health data of 4.7 million members to <a href="https://mastodon.thenewoil.org/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a><a href="https://www.bleepingcomputer.com/news/security/blue-shield-of-california-leaked-health-data-of-47-million-members-to-google/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/blue-shield-of-california-leaked-health-data-of-47-million-members-to-google/</a><a href="https://mastodon.thenewoil.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://mastodon.thenewoil.org/tags/healtchare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healtchare</a>

Efani🚨 4.7 million health records leaked — not by hackers, but by a misconfigured analytics tool.Blue Shield of California has disclosed a major data leak caused by a Google Analytics misconfiguration that exposed protected health information (PHI) to Google’s advertising platforms over a 33-month period.The incident, now listed on the U.S. Department of Health and Human Services breach portal, impacted nearly 80% of the nonprofit health plan’s members across California.What happened: - Google Analytics was incorrectly set up on Blue Shield websites - This allowed sensitive member data to be shared with Google Ads - The information may have been used to run personalized ad campaigns targeting individual usersExposed data includes: - Insurance plan names, group numbers, and Blue Shield identifiers - Patient names, medical claim dates, providers, and financial responsibility - “Find a Doctor” search terms and results - City, zip code, gender, and family sizeNo Social Security numbers or payment data were leaked, but the nature of the exposed PHI still raises serious concerns around patient profiling and targeted advertising.Blue Shield has not offered identity theft protection or confirmed if affected users will receive direct notifications.This is the second major incident in under a year. In 2024, nearly one million members were impacted by a ransomware attack via software vendor Connexure.At <a href="https://infosec.exchange/@Efani" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Efani</a>, we believe data privacy lapses aren’t just technical failures — they’re trust failures. And when it comes to healthcare, every misstep can affect lives, not just log files.<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/BlueShield" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BlueShield</a> <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a>

nemo™ 🇺🇦🚨 Huge data leak alert! A top employee monitoring app, WorkComposer, exposed 21 MILLION screenshots from thousands of users via an unprotected Amazon S3 bucket. 😱 Sensitive info like passwords, emails & proprietary data were at risk! 🔐 Companies must secure cloud data NOW! <a href="https://mas.to/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://mas.to/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mas.to/tags/PrivacyMatters" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PrivacyMatters</a> <a href="https://mas.to/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://mas.to/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> Read more: <a href="https://www.techradar.com/pro/security/top-employee-monitoring-app-leaks-21-million-screenshots-on-thousands-of-users" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.techradar.com/pro/security/top-employee-monitoring-app-leaks-21-million-screenshots-on-thousands-of-users</a>

Healthcare Privacy & HIPAA BotDATE: April 24, 2025 at 11:15AM SOURCE: HIPAA JOURNALDirect article link at end of text block below.Blue Shield of California Announces Impermissible Disclosure of PHI to Google Ads: 4.7 Million Affected <a href="https://t.co/kdgU9FMr8V" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://t.co/kdgU9FMr8V</a> <a href="https://mastodon.clinicians-exchange.org/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healthcare</a> <a href="https://mastodon.clinicians-exchange.org/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a>Here are any URLs found in the article text: <a href="https://t.co/kdgU9FMr8V" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://t.co/kdgU9FMr8V</a>Articles can be found by scrolling down the page at <a href="https://www.hipaajournal.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.hipaajournal.com/</a> . -------------------------------------------------Private, vetted email list for mental health professionals: <a href="https://www.clinicians-exchange.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.clinicians-exchange.org</a>Most healthcare security and privacy posts related to IT or infosec are at <a href="https://mastodon.clinicians-exchange.org/@rsstosecurity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rsstosecurity</a>-------------------------------------------------<a href="https://mastodon.clinicians-exchange.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.clinicians-exchange.org/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healthcare</a> <a href="https://mastodon.clinicians-exchange.org/tags/doctors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#doctors</a> <a href="https://mastodon.clinicians-exchange.org/tags/psychotherapy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#psychotherapy</a> <a href="https://mastodon.clinicians-exchange.org/tags/securitynews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securitynews</a> <a href="https://mastodon.clinicians-exchange.org/tags/psychotherapist" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#psychotherapist</a> <a href="https://mastodon.clinicians-exchange.org/tags/mentalhealth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mentalhealth</a> <a href="https://mastodon.clinicians-exchange.org/tags/psychiatry" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#psychiatry</a> <a href="https://mastodon.clinicians-exchange.org/tags/hospital" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hospital</a> <a href="https://mastodon.clinicians-exchange.org/tags/socialwork" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#socialwork</a> <a href="https://mastodon.clinicians-exchange.org/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HIPAA</a> <a href="https://mastodon.clinicians-exchange.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mastodon.clinicians-exchange.org/tags/healthcaresecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healthcaresecurity</a> <a href="https://mastodon.clinicians-exchange.org/tags/BAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BAA</a> <a href="https://mastodon.clinicians-exchange.org/tags/patientrecords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#patientrecords</a> <a href="https://mastodon.clinicians-exchange.org/tags/telehealth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#telehealth</a> <a href="https://mastodon.clinicians-exchange.org/tags/socialengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#socialengineering</a>

Healthcare Privacy & HIPAA BotDATE: April 24, 2025 at 11:15AM SOURCE: HIPAA JOURNALDirect article link at end of text block below.Blue Shield of California Announces Impermissible Disclosure of PHI to Google Ads: 4.7 Million Affected <a href="https://t.co/kdgU9FMr8V" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://t.co/kdgU9FMr8V</a> <a href="https://mastodon.clinicians-exchange.org/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healthcare</a> <a href="https://mastodon.clinicians-exchange.org/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a>Articles can be found by scrolling down the page at <a href="https://www.hipaajournal.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.hipaajournal.com/</a> . -------------------------------------------------Private, vetted email list for mental health professionals: <a href="https://www.clinicians-exchange.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.clinicians-exchange.org</a>Most healthcare security and privacy posts related to IT or infosec are at <a href="https://mastodon.clinicians-exchange.org/@rsstosecurity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rsstosecurity</a>-------------------------------------------------<a href="https://mastodon.clinicians-exchange.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.clinicians-exchange.org/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healthcare</a> <a href="https://mastodon.clinicians-exchange.org/tags/doctors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#doctors</a> <a href="https://mastodon.clinicians-exchange.org/tags/psychotherapy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#psychotherapy</a> <a href="https://mastodon.clinicians-exchange.org/tags/securitynews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securitynews</a> <a href="https://mastodon.clinicians-exchange.org/tags/psychotherapist" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#psychotherapist</a> <a href="https://mastodon.clinicians-exchange.org/tags/mentalhealth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mentalhealth</a> <a href="https://mastodon.clinicians-exchange.org/tags/psychiatry" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#psychiatry</a> <a href="https://mastodon.clinicians-exchange.org/tags/hospital" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hospital</a> <a href="https://mastodon.clinicians-exchange.org/tags/socialwork" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#socialwork</a> <a href="https://mastodon.clinicians-exchange.org/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HIPAA</a> <a href="https://mastodon.clinicians-exchange.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mastodon.clinicians-exchange.org/tags/healthcaresecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healthcaresecurity</a> <a href="https://mastodon.clinicians-exchange.org/tags/BAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BAA</a> <a href="https://mastodon.clinicians-exchange.org/tags/patientrecords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#patientrecords</a> <a href="https://mastodon.clinicians-exchange.org/tags/telehealth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#telehealth</a> <a href="https://mastodon.clinicians-exchange.org/tags/socialengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#socialengineering</a>

LavX NewsMassive Data Breach at Yale New Haven Health: A Closer Look at Cybersecurity VulnerabilitiesIn a shocking revelation, Yale New Haven Health has disclosed a data breach affecting 5.5 million patients, exposing sensitive personal information. This incident underscores the urgent need for robus...<a href="https://news.lavx.hu/article/massive-data-breach-at-yale-new-haven-health-a-closer-look-at-cybersecurity-vulnerabilities" rel="nofollow noopener noreferrer" target="_blank">https://news.lavx.hu/article/massive-data-breach-at-yale-new-haven-health-a-closer-look-at-cybersecurity-vulnerabilities</a><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a> <a href="https://mastodon.cloud/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://mastodon.cloud/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://mastodon.cloud/tags/HealthcareSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HealthcareSecurity</a>

Europe Says<a href="https://www.europesays.com/2022415/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.europesays.com/2022415/</a> Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware <a href="https://pubeurope.com/tags/ComputerSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ComputerSecurity</a> <a href="https://pubeurope.com/tags/CyberAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAttacks</a> <a href="https://pubeurope.com/tags/CyberNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberNews</a> <a href="https://pubeurope.com/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNews</a> <a href="https://pubeurope.com/tags/CyberSecurityNewsToday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNewsToday</a> <a href="https://pubeurope.com/tags/CyberSecurityUpdates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityUpdates</a> <a href="https://pubeurope.com/tags/CyberUpdates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberUpdates</a> <a href="https://pubeurope.com/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://pubeurope.com/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HackerNews</a> <a href="https://pubeurope.com/tags/HackingNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HackingNews</a> <a href="https://pubeurope.com/tags/HowToHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HowToHack</a> <a href="https://pubeurope.com/tags/InformationSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InformationSecurity</a> <a href="https://pubeurope.com/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetworkSecurity</a> <a href="https://pubeurope.com/tags/RansomwareMalware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RansomwareMalware</a> <a href="https://pubeurope.com/tags/SoftwareVulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SoftwareVulnerability</a> <a href="https://pubeurope.com/tags/SouthKorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SouthKorea</a> <a href="https://pubeurope.com/tags/TheHackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TheHackerNews</a>

Dissent Doe :cupofcoffee:Updating an incident: The InterLock ransomware gang has claimed responsibility for the DaVita attack. They claim to have exfiltrated  1,510 GB of data,  683,104 files, and  75,836 folders, and have leaked the file tree and some folder information.<a href="https://infosec.exchange/tags/healthsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healthsec</a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/DaVita" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DaVita</a> <a href="https://infosec.exchange/tags/InterLock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InterLock</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a>

Dissent Doe :cupofcoffee:No need to hack when it’s leaking: Atrium Health edition: <a href="https://databreaches.net/2025/04/24/no-need-to-hack-when-its-leaking-atrium-health-edition/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://databreaches.net/2025/04/24/no-need-to-hack-when-its-leaking-atrium-health-edition/</a><a href="https://infosec.exchange/tags/healthsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healthsec</a> <a href="https://infosec.exchange/tags/leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#leak</a> <a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HIPAA</a> <a href="https://infosec.exchange/tags/SecurityRule" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityRule</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Dissent Doe :cupofcoffee:If you are a loooong-time reader of DataBreaches.net, you will likely recall a terrible insider breach in Canada that I reported in 2011 where, as a result of the insider wrongdoing, 13 people became victims of arson or were shot at! There is now an update on the litigation stemming from that case.High court upholds damages in ICBC privacy breach that resulted in shootings, arson: <a href="https://databreaches.net/2025/04/24/high-court-upholds-damages-in-icbc-privacy-breach-that-resulted-in-shootings-arson/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://databreaches.net/2025/04/24/high-court-upholds-damages-in-icbc-privacy-breach-that-resulted-in-shootings-arson/</a>And if you are someone who is one of those loooong-time readers: thank you! <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/insider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#insider</a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://infosec.exchange/tags/ICBC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICBC</a> <a href="https://infosec.exchange/tags/arson" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#arson</a> <a href="https://infosec.exchange/tags/violence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#violence</a>

Dissent Doe :cupofcoffee:A county auditor was ordered to pay $80k to a town after their error sent the funds to fraudsters. I don't recall ever seeing an order like this before.<a href="https://databreaches.net/2025/04/24/county-auditor-ordered-to-pay-80k-after-cyberattack/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://databreaches.net/2025/04/24/county-auditor-ordered-to-pay-80k-after-cyberattack/</a><a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/fraud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fraud</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/govsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#govsec</a> <a href="https://infosec.exchange/tags/mandamus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mandamus</a> <a href="https://infosec.exchange/tags/negligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#negligence</a>

techiSouth Korea’s data watchdog has accused Chinese AI firm DeepSeek of illegally transferring personal data and AI prompts overseas without user consent. The chatbot, pulled from the Korean market in February, allegedly shared sensitive info with entities in China and the U.S., violating privacy laws. <a href="https://mstdn.social/tags/DeepSeek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DeepSeek</a> <a href="https://mstdn.social/tags/DataPrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataPrivacy</a> <a href="https://mstdn.social/tags/AIRegulation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AIRegulation</a> <a href="https://mstdn.social/tags/SouthKorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SouthKorea</a> <a href="https://mstdn.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechNews</a> <a href="https://mstdn.social/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://mstdn.social/tags/PrivacyPolicy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PrivacyPolicy</a> <a href="https://mstdn.social/tags/TECHi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TECHi</a>Read Full Article Here :- <a href="https://www.techi.com/deepseek-user-data-transfer-privacy-violation-south-korea/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.techi.com/deepseek-user-data-transfer-privacy-violation-south-korea/</a>

BeyondMachines :verified:Onsite Mammography data breach exposes data of 357K individualsA phishing attack on October 2, 2024 compromised an employee's email account at Onsite Mammography (operating as Onsite Women's Health), exposing sensitive data of 357,265 individuals. The healthcare provider has secured the affected account, engaged forensic investigators, notified law enforcement, and is offering affected individuals 12 months of complimentary credit monitoring and identity protection services.**** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/incident" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#incident</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://beyondmachines.net/event_details/onsite-mammography-data-breach-exposes-data-of-357k-individuals-0-a-u-s-j/gD2P6Ple2L" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://beyondmachines.net/event_details/onsite-mammography-data-breach-exposes-data-of-357k-individuals-0-a-u-s-j/gD2P6Ple2L</a>

BeyondMachines :verified:Malicious code injected Ripple's xrpl.js npm package, compromises cryptocurrency private keysA supply chain attack has compromised multiple versions of the popular cryptocurrency JavaScript library xrpl.js (used for XRP Ledger blockchain interactions). Attackers have inserted malicious code that harvests and exfiltrates users' private keys to the domain "0x9c[.]xyz", allowing unauthorized access to cryptocurrency wallets and assets.**If you are using xrpl.js, update it to versions 4.2.5 or 2.14.3 IMMEDIATELY. If you've used compromised versions (4.2.1-4.2.4 or 2.14.2) since April 21st, assume your keys may be compromised and transfer funds to new, secure wallets. And implement package verification signatures for external packages to reduce malicious code injection - it's not simple but it does help.** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#advisory</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://beyondmachines.net/event_details/malicious-code-injected-ripple-s-xrpl-js-npm-package-compromises-cryptocurrency-private-keys-6-g-5-3-s/gD2P6Ple2L" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://beyondmachines.net/event_details/malicious-code-injected-ripple-s-xrpl-js-npm-package-compromises-cryptocurrency-private-keys-6-g-5-3-s/gD2P6Ple2L</a>

TechnoTenshi :verified_trans: :Fire_Lesbian:DOGE staff allegedly used admin accounts to exfiltrate over 10GB of sensitive NLRB case data, downloading tools linked to brute forcing and web scraping. A whistleblower tied one tool to DOGE employee Marko Elez. <a href="https://krebsonsecurity.com/2025/04/doge-workers-code-supports-nlrb-whistleblower/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://krebsonsecurity.com/2025/04/doge-workers-code-supports-nlrb-whistleblower/</a><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a>

Efani🚨 Three more healthcare providers were hit by ransomware attacks this month — adding to what is already shaping up to be one of the worst years for healthcare cyber incidents.The latest victims: - DaVita (dialysis provider with 3,000+ outpatient centers) - Bell Ambulance (serving Wisconsin with 120,000+ calls/year) - Alabama Ophthalmology Associates (regional medical provider)Here’s what happened: - DaVita detected a ransomware attack on April 12 impacting on-premises systems. They’ve shifted to manual processes but continue care delivery. - Bell Ambulance confirmed on April 14 that an unauthorized party accessed personal and health data as early as February. The Medusa ransomware gang has claimed responsibility. - Alabama Ophthalmology Associates disclosed a breach affecting 131,576 individuals, with BianLian ransomware operators taking credit.Sensitive data exposed in these incidents includes: - Social Security numbers - Driver’s license information - Medical records - Health insurance details - Patient call logs and treatment notes📊 According to HHS, these three attacks alone impacted nearly 250,000 individuals. The total number of U.S. healthcare data breaches in 2025 has now reached 194.Why healthcare is a top target: - High-value patient data - Critical systems with low tolerance for downtime - Legacy software and siloed security architecture - Ransomware actors see healthcare as “pay fast or patients suffer”💡 Expert insight: Huntress reports that 10% of all IR cases now involve healthcare, with ransomware leading the pack. One machine compromise often leads to full network access due to lack of segmentation and identity controls.The advice? “Brilliance is in the basics.” - Strong passwords - MFA everywhere - Segment your network - Secure the perimeter - Least-privilege access alwaysAt <a href="https://infosec.exchange/@Efani" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Efani</a>, we believe healthcare deserves more than just crisis response. Cyber resilience in this sector starts with foundational controls — and ends with patient trust.<a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a>

Efani🚨 A February ransomware attack on Baltimore City Public Schools has now been confirmed to have compromised sensitive data belonging to over 25,000 individuals — including teachers, staff, contractors, and students.On Tuesday, the district issued a public breach notification revealing that: - The ransomware attack occurred on February 13, 2025 - Sensitive documents were stolen, including I-9 records and background checks - Impacted data includes Social Security numbers, driver’s licenses, passport info, and even student call logs and attendance records - 55% of all school employees were reportedly affected - Over 1,150 students — roughly 1.5% of the district's enrollment — had personal information accessed While no ransom was paid, reports suggest the Cloak ransomware gang may be behind the attack. So far, no group has taken credit publicly.Additional context: - Law enforcement was notified - Cybersecurity firms were brought in for investigation and recovery - The school district is now offering two years of credit monitoring to impacted individuals - Affected parties are receiving breach notification letters this week In a positive step, the district has rolled out new cybersecurity enhancements: - Endpoint Detection and Response (EDR) software - District-wide password resets - Continued forensic investigation Baltimore has been no stranger to cyberattacks: - A 2020 school system breach cost more than $10 million - A 2019 ransomware attack disrupted city-wide operations And Baltimore’s not alone — experts have already recorded 75 ransomware attacks on U.S. K-12 schools and colleges in 2025, one of the highest numbers ever tracked.At <a href="https://infosec.exchange/@Efani" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Efani</a>, we believe that the education sector — often underfunded and digitally vulnerable — is now squarely in the crosshairs. Schools don’t just need backups. They need active defense, endpoint visibility, and employee training that starts at onboarding.<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/EducationSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EducationSecurity</a> <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://infosec.exchange/tags/K12CyberRisk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#K12CyberRisk</a> <a href="https://infosec.exchange/tags/EfaniSecure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EfaniSecure</a> <a href="https://infosec.exchange/tags/BaltimoreCyberattack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BaltimoreCyberattack</a>

BeyondMachines :verified:Grant County Public Utility District reports data breach affecting 850 peopleGrant County Public Utility District has reported a data breach affecting approximately 850 employees and recent retirees who were on payroll from March through April 2024. The utility company claims the incident has been contained and does not impact customer information.**** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/incident" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#incident</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://beyondmachines.net/event_details/grant-county-public-utility-district-reports-data-breach-affecting-850-people-7-p-6-k-i/gD2P6Ple2L" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://beyondmachines.net/event_details/grant-county-public-utility-district-reports-data-breach-affecting-850-people-7-p-6-k-i/gD2P6Ple2L</a>

BeyondMachines :verified:The Plastic Surgery Center reports data breach affecting patient informationThe Plastic Surgery Center, operating across 20+ locations in three states, has disclosed a data breach through its contracted billing company's network, where an unknown actor accessed and potentially exfiltrated files containing highly sensitive patient information. TPSC is sending notification letters and offering free credit monitoring services to affected individuals.**** <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/incident" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#incident</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> <a href="https://beyondmachines.net/event_details/the-plastic-surgery-center-reports-data-breach-affecting-patient-information-v-x-t-z-k/gD2P6Ple2L" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://beyondmachines.net/event_details/the-plastic-surgery-center-reports-data-breach-affecting-patient-information-v-x-t-z-k/gD2P6Ple2L</a>

Healthcare Privacy & HIPAA BotDATE: April 23, 2025 at 12:41PM SOURCE: HIPAA JOURNALDirect article link at end of text block below.March 2025 Healthcare Data Breach Report - 53 large healthcare data breaches; 1,754,097 affected individuals <a href="https://t.co/a7JtT4QsoB" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://t.co/a7JtT4QsoB</a> <a href="https://mastodon.clinicians-exchange.org/tags/hipaa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hipaa</a> <a href="https://mastodon.clinicians-exchange.org/tags/compliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#compliance</a> <a href="https://mastodon.clinicians-exchange.org/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healthcare</a> <a href="https://mastodon.clinicians-exchange.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.clinicians-exchange.org/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a>Here are any URLs found in the article text: <a href="https://t.co/a7JtT4QsoB" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://t.co/a7JtT4QsoB</a>Articles can be found by scrolling down the page at <a href="https://www.hipaajournal.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.hipaajournal.com/</a> . -------------------------------------------------Private, vetted email list for mental health professionals: <a href="https://www.clinicians-exchange.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.clinicians-exchange.org</a>Most healthcare security and privacy posts related to IT or infosec are at <a href="https://mastodon.clinicians-exchange.org/@rsstosecurity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rsstosecurity</a>-------------------------------------------------<a href="https://mastodon.clinicians-exchange.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.clinicians-exchange.org/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healthcare</a> <a href="https://mastodon.clinicians-exchange.org/tags/doctors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#doctors</a> <a href="https://mastodon.clinicians-exchange.org/tags/psychotherapy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#psychotherapy</a> <a href="https://mastodon.clinicians-exchange.org/tags/securitynews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securitynews</a> <a href="https://mastodon.clinicians-exchange.org/tags/psychotherapist" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#psychotherapist</a> <a href="https://mastodon.clinicians-exchange.org/tags/mentalhealth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mentalhealth</a> <a href="https://mastodon.clinicians-exchange.org/tags/psychiatry" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#psychiatry</a> <a href="https://mastodon.clinicians-exchange.org/tags/hospital" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hospital</a> <a href="https://mastodon.clinicians-exchange.org/tags/socialwork" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#socialwork</a> <a href="https://mastodon.clinicians-exchange.org/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HIPAA</a> <a href="https://mastodon.clinicians-exchange.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mastodon.clinicians-exchange.org/tags/healthcaresecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#healthcaresecurity</a> <a href="https://mastodon.clinicians-exchange.org/tags/BAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BAA</a> <a href="https://mastodon.clinicians-exchange.org/tags/patientrecords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#patientrecords</a> <a href="https://mastodon.clinicians-exchange.org/tags/telehealth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#telehealth</a> <a href="https://mastodon.clinicians-exchange.org/tags/socialengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#socialengineering</a>

Recent searches

Search options

Administered by:

Server stats:

#databreach