The Week in Breach News: 01/03/24 – 01/09/24

Risk to Business: 1.617 = Severe

HealthEC LLC, the New Jersey-based provider of a population health management (PHM) platform used by healthcare providers, has announced that it has experienced a data breach that may have exposed the personally identifiable information of an estimated 4.5 million people. According to a notice provided to the Maine Attorney General, a few of the major organizations that utilize the platform include Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, the University Medical Center of Princeton Physicians’ Organization and the Alliance for Integrated Care of New York. The incident occurred between July 14 and 23, 2023, but the company did not complete its investigation until December 2023. Exposed information includes a patient’s name, address, date of birth, Social Security number, taxpayer identification number, medical record number, medical information (diagnosis, diagnosis code, mental/physical condition, prescription information and provider’s name and location), health insurance information (beneficiary number, subscriber number, Medicaid/Medicare identification) as well as billing and claims information (patient account number, patient identification number and treatment cost information). 

Risk to Business: 1.691 = Severe

Gallery Systems has disclosed that it has experienced a cyberattack that has caused ongoing issues. The company provides the software that many major museums use to catalog their collections including the New York Museum of Modern Art (MoMA), the Metropolitan Museum of Art (Met), the Chrysler Museum of Art, the Museum of Pop Culture (MoPOP) in Seattle, the Barnes Foundation, the Crystal Bridges Museum of American Art and the San Francisco Museum of Modern Art (SFMOMA). The December 28 attack encrypted some of Gallery Systems’ devices, forcing the organization to take most of its systems offline including the online public viewing platform called eMuseum.  

Risk to Business: 2.703 = Moderate

The now-defunct medical transport company Fallon Ambulance Service has disclosed that it has experienced a data breach. The company ceased operations in December 2023. Fallon said that it experienced a cyberattack in mid-February 2023 that was discovered in April 2023. The company noted in a filing that it expects this breach to impact around 911,757 individuals nationwide. The Boston-area company was a subsidiary of Transformative Healthcare. The exposed data included names, driver’s license numbers and non-driver identification card numbers.

Risk to Business: 1.840 = Severe

The Housing Authority of the County of San Bernardino in California has announced that it has experienced a data breach that impacted an estimated 19,000 people. Officials say that their investigation revealed that hackers gained access to an employee email account in June 2023, leading to the exposure of residents’ personal data including names and Social Security numbers. HACSB has operated for more than 80 years and now serves about 26,000 people.  

Risk to Business: 1.723 = Severe

San Francisco-based international law firm Orrick, Herrington & Sutcliffe is informing people that it has experienced a data breach as the result of a February 2023 hacking incident. Clients affected included individuals with vision plans from EyeMed Vision Care, dental plans from Delta Dental, health insurer MultiPlan, behavioral health giant Carelon and the U.S. Small Business Administration (SBA). The firm said that the intrusion, discovered in March 2023, led to the exposure of sensitive health information for more than 637,000 people. The stolen data includes a variety of PII including names, dates of birth, addresses, email addresses, and government-issued identification numbers like Social Security, passport, driver’s license and tax identification numbers. Health information and financial data were also compromised, including medical treatment details, insurance claims information, healthcare insurance numbers, provider details, online account credentials, and credit/debit card numbers. Orrick says that it notified victims by mail starting in October 2023. The firm is offering victims two years of identity theft protection services through Kroll.  

Risk to Business: 1.736 = Severe

The French town of Pays Fouesnantais is experiencing a major outage of local services after it was hit by a cyberattack. Town officials informed residents that the entire municipal IT system was down, with only nationally run services like is the passport and national identity card service functioning. Community buildings like the community center and the leisure center are still open to the public but only function in a limited capacity.  

Risk to Business: 1.301 = Extreme

Korean DeFi company Orbit Chain has experienced a hacking incident that led to the loss of an estimated $86 million for users. The company sent out an urgent alert on X (formerly Twitter) warning users of the incident. Orbit Chain is a blockchain platform designed to function as a multi-asset hub, supporting interoperability between various blockchains, decentralized applications (DApps), and services. The first of the hacker attacks that caused the loss was logged on December 31. Experts suspect that North Korea is likely behind the hack.  

Risk to Business: 1.433 = Extreme

A Google Drive configuration error at Japanese Android game studio Ateam has led to data exposure for an estimated one million people. a misconfigured server left data available for anyone for more than six years. The company informed users of its apps and services that in November 2023, it discovered that in March 2017, technicians had mistakenly set a Google Drive cloud storage instance to “Anyone on the internet with the link can view”. That misconfigured Google Drive instance contained 1,369 files with personal information on Ateam customers, Ateam business partners and Ateam’s former and current employees. The data exposed by this blunder may include a customer, partner or employee’s full name, email address, phone number, customer management number and terminal (device) identification numbers.