Steve Alder is considered an authority in the healthcare industry on HIPAA. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. The HHS’ Office for Civil Rights breach portal indicates 1,474,284 individuals were affected by the breach.Īuthor: Steve Alder is the editor-in-chief of HIPAA Journal. Kroger has offered complimentary credit monitoring services to all affected customers. No financial information or customer account passwords were compromised, and there have been no reports of the misuse of any customer data. The breached information included patient names, addresses, telephone numbers, dates of birth, Social Security numbers, insurance claim information, prescription information, and some medical history information. Kroger said fewer than 1% of its customers were affected, most of whom were customers of Kroger Health and Money Services, including pharmacy and Little Clinic patients and beneficiaries of its Health and Welfare Benefit Plan and Retiree Health and Welfare Benefit Plan. An internal investigation was conducted to determine which information had potentially been stolen. Kroger was alerted to the breach on Januand discontinued use of the Accellion FTA. Accellion says around 300 customers use the Accellion FTA, fewer than 100 were victims of the attack, and fewer than 25 suffered significant data theft. Threats were made to publish stolen data on the CL0P ransomware data leak site if the ransom was not paid. In January, several Accellion FTA customers reported receiving ransom demands for the return of stolen data. UNC2546 has been linked to the FIN11 hacking group and CL0P ransomware operation. The hacker then installed a web shell which was used to exfiltrate sensitive data.Īccellion explained in a Februpress release that Mandiant had investigated the security incident and attributed the attacks to a criminal hacker tracked as UNC2546. Some of those vulnerabilities were exploited by a threat actor to gain access to the vulnerable devices. The Accellion FTA is a legacy appliance that was released around 20 years ago as a secure file transfer solution for sharing files too large to send via email.Ī zero-day vulnerability in the product was first identified by Accellion in mid-December 2020, with a further three vulnerabilities subsequently identified. Kroger has announced it has suffered a data security incident involving the exploitation of SQL injection vulnerabilities in its Accellion File Transfer Appliance (FTA). Exploitation of Vulnerabilities in Accellion File Transfer Appliance Gave Hackers Access to Data of Kroger Customers
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |