Pennsylvania's Allegheny County, Harris Health Systems, Dallas-based UT Southwestern Medical Center, and Johns Hopkins All Children's Hospital have disclosed experiencing health data breaches as a result of the widespread Cl0p ransomware attack involving the exploitation of a vulnerability in the MOVEit Transfer file transfer app, HealthITSecurity reports.
Allegheny County reported that some of the 689,686 individuals whose Social Security numbers, taxpayer identification numbers, and driver's license numbers were exposed following the hack also had their health insurance information, diagnoses, treatment details, and admission dates compromised.
Officials have urged continued vigilance among those impacted despite having been informed that Cl0p has deleted the stolen data.
On the other hand, almost 224,700 patients at Harris Health Systems had their personal data and care-related information stolen as part of the MOVEit hack, while UTSW said that the breach has impacted the personal health information of 98,437 patients, some of which also had their SSNs compromised.
Meanwhile, Johns Hopkins All Children's Hospital may have had patient, employee, and student data affected by the MOVEit breach in the larger Johns Hopkins Health System. Officials emphasized that no electronic personal health records have been impacted but investigation into the extent of the breach is still underway.
Utilization of Slack will be halted across most of Disney's businesses by the end of the year, said Disney Chief Financial Officer Hugh Johnston in a report in the Status media newsletter.
Attacks involved the utilization of Amazon S3 bucket and Content Delivery Network-hosted sites spoofing Google CAPTCHA pages and other verification sites, which include instructions that trigger a malicious PowerShell command downloading Lumma Stealer and proceeding with the exfiltration of sensitive device data.
Some of the 340 GB of sensitive data purportedly stolen from the City of Pleasanton, including names, birthdates, credit card numbers, and other personal and corporate financial information, have already been exposed by Valencia.