AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 5/10/2024

Ascension warns of suspected cyberattack; clinical operations disrupted

Hospital operator Ascension reported disruptions to its clinical operations on Wednesday due to a suspected cybersecurity incident and advised business partners to temporarily disconnect from its systems. Earlier this year, UnitedHealth (UNH.N), opens new tab, the largest U.S. health insurer, had reported a cyberattack at its technology unit – one of the worst hacks to hit American healthcare – that caused widespread disruptions in payments to doctors and health facilities. “Out of an abundance of caution we are recommending that business partners temporarily suspend the connection to the Ascension environment,” the healthcare network said in a statement.


Dell discloses data breach of customers’ physical addresses

Technology giant Dell notified customers on Thursday that it experienced a data breach involving customers’ names and physical addresses. In an email seen by TechCrunch and shared by several people on social media, the computer maker wrote that it was investigating “an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell.” Dell wrote that the information accessed in the breach included customer names, physical addresses and “Dell hardware and order information, including service tag, item description, date of order and related warranty information.” Dell did not say if the incident was caused by malicious outsiders or inadvertent error.


Despite big tech lobbying, Maryland passes two internet privacy bills

The Maryland legislature passed two bills over the weekend limiting tech platforms’ ability to collect and use consumers’ data. Maryland Governor Wes Moore is expected to sign one of those bills, the Maryland Kids Code, on Thursday, MoCo360 reports. If signed into law, the other bill, the Maryland Online Privacy Act, will go into effect in October 2025. The legislation would limit platforms’ ability to collect user data and let users opt out of having their data used for targeted advertising and other purposes. Together, the bills would significantly limit social media and other platforms’ ability to track their users — but tech companies, including Amazon, Google, and Meta, have opposed similar legislation.


US-Based Urgent Care and Ambulance Service Discloses Cyberattack

New York-based mobile urgent care firm and ambulance service DocGo recently suffered a cyberattack that enabled threat actors to access the personal information of an undisclosed number of patients. DocGo is a healthcare firm that provides mobile health services, ambulance services and remote monitoring across the UK and thirty US states. According to a FORM 8-K filing filed with the Securities and Exchange Commission, the healthcare provider said the incident impacted a “limited number of healthcare records” from its US-based ambulance transportation systems.


Leaked FBI email stresses need for warrantless surveillance of Americans

A Federal Bureau of Investigation official recently urged employees to “look for ways” to conduct warrantless surveillance on US residents, an internal email obtained by Wired shows. FBI Deputy Director Paul Abbate’s email was reportedly sent on April 20, the same day President Biden signed a bill that was criticized as a major expansion of warrantless surveillance under Section 702 of the Foreign Intelligence Surveillance Act (FISA). Abbate’s email seems to argue that FBI employees should make frequent use of warrantless surveillance on US people in order to justify the continued existence of the program. “To continue to demonstrate why tools like this are essential to our mission, we need to use them, while also holding ourselves accountable for doing so properly and in compliance with legal requirements,” Abbate wrote, according to Wired.


Related Posts