BLOG

Keep Up with CORL: Vendor Breach Digest, 1/17/22

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Kronos, Microsoft Exchange Outlook Web Access, BioPlus, QRS, BDO, The Medical Review Institute of America, Doxy.me, Jefferson Surgical Clinic, EMI Health, Neuro-Rehab Associates, UScellular, Georgia Bone and Joint Surgeons, Anthem, Walgreens, Daniel J. Edelman Holdings, A New Leaf Inc, Ibex, Ciox Health, Broward Health, UAW Retiree Medical Benefits, T-Mobile, Southern Orthopaedic Association, CompuGroup Medical & Bertelsmann, and Fiondella, Milone & LaSaracina LLP.

Urgent Vendor Risk Alert: Log4j Java/Apache Logging Vulnerability

A far-reaching zero-day vulnerability in the ubiquitous open-source logging utility Log4j was exposed over the weekend. CORL is actively working with our customers and vendor population to understand the extent of Log4j deployment in the vendor community and the impact and risk exposure it may create for our customers. This blog provides a short summary of the Log4j vulnerability, as well as recommendations for remediation and risk mitigation for organizations and their third-party vendors.

Keep Up with CORL: Vendor Breach Digest, 12/9/21

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: DNA Diagnostic Center, Ace Surgical Supply, Maxim Healthcare Services, Panasonic, Planned Parenthood, Boulder Neurosurgical and Spine Associates, Medsurant, Region IV Area Agency on Aging, Bureau Veritas, Mowery Clinic, Saltzer Medical Group, Blue Shield of California, Maryland Department of Health, Supernus Pharmaceuticals, Episcopal Retirement Services, Continental American Insurance, Anthem, Nationwide Laboratory Services, and Anthem Blue Cross of California.

Keep Up with CORL: Vendor Breach Digest, 11/3/21

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Limeade, Wiggin and Dana LLP, PracticeMax, VillageHealth, Anthem, Accenture, Microsoft, Independent Health Corporation, EMI Health, Orange County Health Care Agency, American Osteopathic Association, GitHub, Acer, and Olympus.

Keep Up with CORL: Vendor Breach Digest, 10/13/21

Breaches covered in this release: Epilepsy Foundation of Texas, CVS Pharmacy, Aetna, Humana, Quickbooks, Zenith American Solution, Digital Insurance / OneDigital, OSF Healthcare, Facebook, Springhill Medical Center, Georgia Department of Human Resources, State of Alaska Department of Health & Social Service, Navistar, Griffith Energy Services, Advocate Lutheran General Hospital, Coos County Family Services, COA of Southwestern Ohio, and Cox Media.

Keep Up with CORL: Vendor Breach Digest, 9/28/21

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Apple & FitBit, MapMyFitness, Microsoft, Sony, & Google, Walgreens, TTEC, Fortinet, Vista Radiology, Thomas Eye Group, CoxHealth, Jackson Health System, Facebook, Ottawa Hospital Research Institute, and Resource Anesthesiology Associates (RAA).

Keep Up with CORL: Vendor Breach Digest, 9/13/21

CORL continuously monitors cybersecurity events and alerts customers about organizations in their supply chain that have been breached. Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain. Breaches covered in this release: Microsoft Power Apps, Fujitsu, Nova Biomedical, State of Maryland Board of Podiatry, Sandhills Center, State of Indiana, Nashua Regional Cancer Center, DuPage Medical Group, Metro Infectious Disease Consultants, North Country Healthcare, JPMorgan Chase, and T-Mobile.

Who is Accountable for Supply Chain Risk? Fallout from the Kaseya Breach

Another gargantuan cyber-attack on the global supply chain took place over the holiday weekend, leaving over 1,500 businesses infected with ransomware. The attackers exploited a vulnerability in third-party software from Kaseya, which provides back-office IT solutions and managed services for small and mid-sized businesses. The breach comes on the heels of other massive supply chain attacks against SolarWinds, Microsoft, and other major third-party vendors.