Weekly Cybersecurity Recap July 14
Table of Contents
- By Steven
- Jul 14, 2023
Healthcare companies and insurance providers were hard hit this week in a slew of data breaches. Some of the breaches happened long ago, while others are fresh, but either way, it's clear that medical companies are being targeted heavily by hackers. The list of companies includes the Charles George VA Medical Center, ARx Patient Solutions, Advanced Medical Management, and Imagine360 LLC. We also can't skip over the fact that oil giant Shell was hit by a breach as well. It makes no difference whether a company is small or massive, any could be targeted for the next breach. Get the important details for each of these attacks below in your Mid-July data breach recap.
Charles George VA Medical Center
Asheville veterans were recently the victims of a breach affecting the Charles George VA Medical Center in North Carolina. The breach occurred because of mistaken emails sent to three veterans associated with the center. The emails sent included medical and personal data for more than 1,500 veterans. Two of the three veterans opened the emails, and the data could be misused. Social Security numbers, addresses, email addresses, phone numbers, and more were shared in the emails.
Advanced Medical Management
Advanced Medical Management, a technical healthcare management company, suffered from a data breach between May 10 and May 13 of this year. The breach resulted in the loss of Social Security Numbers, Driver's license numbers, phone numbers, and much more. The unauthorized access to Advanced Medical Management files occurred through the breach of a third-party vendor the company works with, and over 320,000 people could have lost some or all of the information listed above.
ARx Patient Solutions
ARx Patient Solutions, a medication technology company and health management service for major medical organizations, was the victim of a data breach in 2022. The breach wasn't reported until July 3, when an official filing was sent to the Maine Attorney General's office. According to official filings, more than 40,000 people could be impacted by this breach, and data like prescription information, Social Security numbers, doctor information, health account numbers, and more were lost to the attack.
Insurance services provider Imagine360 LLC suffered from two separate data breaches on January 20 and February 3. Both breaches were in third-party file management tools. Citrix was hit first, and then Fortra's GoAnywhere tool was hit next. Between the two separate incidents, more than 125k people lost personal data. According to the investigation, Social Security numbers, medical data, insurance information, full names, and more were taken by the hackers. An official report was filed with the Maine Attorney General on June 30, and individual notices were sent to everyone whose data was involved.
Oil giant Shell was one of the latest companies to be targeted by the ransomware gang behind all the MOVEit file transfer attacks. No official details about the data stolen have been confirmed yet, but the organization has confirmed it was breached, and sources say Shell isn't paying the ransom. Whatever data was taken from the oil company is going to be spread and misused by the attackers.