Rite Aid has verified that a cyberattack resulted in the compromise of protected health information for potentially 24,400 customers. The illicitly accessed files included details such as names, birthdates, addresses, prescription records, and limited insurance particulars. Notably, the breach did not expose or pilfer any Social Security numbers or financial data. The attackers exploited a vulnerability to facilitate the attack, granting them access to sensitive data. An external vendor alerted Rite Aid to this vulnerability, and the company subsequently applied a remedy to rectify the security gap.
The vulnerability was first detected on May 31, 2023, while a subsequent forensic inquiry verified that data theft transpired on May 26, 2023. Though Rite Aid didn’t reveal the vendor, the timing and nature of the attack suggest the involvement of the Clop threat group. This group is known for large-scale attacks using a zero-day vulnerability in Progress Software’s MOVEIT Transfer solution.
Wake Family Eye Care Falls Victim to Ransomware Assault
Wake Family Eye Care, located in Cary, NC, recently experienced a ransomware attack.
This incident surfaced on June 2, 2023, upon discovering encrypted files within the system. The team promptly isolated the systems to prevent further unauthorized access, effectively resolving the situation on the same day. To determine the extent of the breach, they engaged a third-party forensics firm for an investigation. While they did not find concrete evidence of data theft, the potential for such theft could not be entirely dismissed.
Upon scrutinizing the files within the affected segment of the network, it was determined that they contained various sensitive details. These encompassed names, addresses, birthdates, partial or complete Social Security Numbers, numbers from driver’s licenses, passports, and other government-issued identification documents, insurance identification numbers, optical images, chart numbers, and pertinent eye-related records. Importantly, financial information remained uncompromised throughout the incident.
Catholic Charities of the Archdiocese of Newark Engages in Cyberattack Investigation
In Manheim Township, PA, the Lancaster Orthopedic Group has come across unauthorized entry into its network. This breach came to light on March 29, 2023, and subsequent scrutiny of the impacted files has indicated that there is a possibility of exposure of names, addresses, birthdates, Social Security numbers, medical treatment particulars, and insurance details. The incident has officially been reported to the HHS’ Office for Civil Rights, indicating an impact on at least 500 individuals, although it’s possible that up to 2,000 patients could have been affected.
