Keep Up with CORL: Vendor Breach Digest, 5/9/22

CORL Vendor Breach Digest

CORL continuously monitors cybersecurity events and alerts customers about organizations in their supply chain that have been breached. As part of our tech-enabled managed services for vendor risk management, we also follow up with vendors and track remediation and response activities following breach events.

Our Vendor Breach Digest provides a summary roll-up of major breach events for third-party vendors operating within the healthcare supply chain.

Okta and Microsoft are investigating claims of stolen data from the same threat actor, Lapsus$. Screenshots of the allegedly misappropriated data were shared by the group, but investigations by victims show no evidence of ongoing malicious activity. However, one of the posted screenshots indicates that Lapsus$ could change customer passwords using Okta's admin panel.

Read more about the Okta and Microsoft breach


SummaCare suffered a data leak from a misconfiguration affecting approximately 1,100 individuals. Member information was accessible via the Internet, including names, health insurance ID numbers, patient account numbers, dates of service, provider names, and limited treatment information.

Read more about the SummaCare breach


Healthplex, Inc experienced a phishing incident that may have impacted approximately 76,262 individuals. The data in the compromised email account included first and last name, address, group name and numbers, member ID numbers, plan affiliation, date of birth, date of service, provider name, ADA codes and their description, billed/paid amounts, prescription drug names, Social Security number, banking information, credit card numbers, username and password for the member portal, email address, phone numbers, and driver’s license numbers.

Read more about the Healthplex breach


GitHub suffered a breach from an unknown attacker who downloaded data from private code repositories including that of npm - the world’s largest software registry with 75 billion downloads a month. GitHub was compromised after the attacker stole authentication tokens from two other upstream software firms.

Read more about the GitHub breach


Arcare suffered a malware incident that enabled an unauthorized actor to access or acquire data. Information involved included names, Social Security numbers, driver’s license or state identification numbers, dates of birth, financial account information, medical treatment information, prescription information, medical diagnosis or condition information, and health insurance information.

Read more about the Arcare breach


American Dental Association suffered a cyberattack, causing them to shut down portions of their network while investigating the attack. The shutdown disrupted various online services, telephones, email, and webchat.

Read more about the American Dental Association breach


T-Mobile experienced a breach by cybercrime group LAPSUS$ where their source code was stolen from a range of company projects.

Read more about the T-Mobile breach


Mental Health Center of Greater Manchester experienced a data security event with one of their vendors where privacy of certain information relating to MHCGM patients or those who were assessed for treatment by MHCGM may have been impacted. Information that may have been accessed included name, address, date of birth, Social Security number, diagnosis, medical information, discharge information, and treatment location and/or healthcare provider.

Read more about the Mental Health Center of Greater Manchester breach


Mountain Area Health Education Center experienced an improper disposal of paper/films that affected approximately 1115 individuals. Details are limited and the breach was reported to the Department of Health and Human Services.

Read more about the Mountain Area Health Education Center breach


The State Bar of Georgia recently learned of unauthorized access to its network. They are still investigating the incident and have not determined what information, if any, the unauthorized actor may have accessed.

Read more about the State Bar of Georgia breach


McCarter & English experienced a network security incident that temporarily affected the availability of their computer systems.

Read more about the McCarter & English breach


Kaiser Foundation Health Plan suffered an unauthorized access/disclosure to their network server that affected approximately 695 individuals. Details are limited and the breach was reported to the Department of Health and Human Services.

Read more about the Kaiser Foundation Health Plan breach


Touchstone Imaging experienced a data security breach that affected approximately 46,799 individuals. Affected information included names, addresses, Social Security numbers, medical information, and health insurance information.

Read more about the Touchstone Imaging breach


DialAmerica Marketing, Inc. detected that an unauthorized user had gained access to their computer network. While the leaked data varies based on the individual, it includes affected parties’ first names, last names, addresses, and other sensitive information.

Read more about the DialAmerica Marketing breach


Block, Inc. (formerly known as Square, Inc.) reported that a former employee, who had regular access to the records during their employment, downloaded customer records after leaving the company. The names, brokerage portfolio values, and account numbers of past and present customers were compromised, affecting approximately 8,200,000 individuals.

Read more about the Block, Inc. breach


Parker Hannifin Corporation experienced a third-party breach of its system. Employee data and personal information may have been accessed.

Read more about the Parker Hannifin Corporation breach


MailChimp was hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.

Read more about the MailChimp breach


HubSpot suffered a breach from a bad actor gaining access to an employee account and using it to target stakeholders in the cryptocurrency industry.

Read more about the HubSpot breach


Cytometry Specialists experienced a cyber-attack from the Conti Ransomware Gang. Files containing limited patient data were exfiltrated from its systems, which mostly contained patient names and case numbers used for identifying patients, but for limited patients also included addresses, dates of birth, medical record numbers, and health insurance information.

Read more about the Cytometry Specialists breach


Palo Alto Networks experienced an exposure of customer support tickets due to a bug in their support dashboard. Exposed information included contact name, title, email address and phone number of the customer creating the tickets. Contents of conversations between PAN support staff and customers were also exposed.

Read more about the Palo Alto Networks breach


Globant was hacked by the Lapsus$ data extortion group. The group released a 70 GB archive of stolen data consisting of administrator credentials, source code, and some customers' source code.

Read more about the Globant breach


Gainwell Technologies, LLC suffered an unauthorized access/disclosure to their network server that affected approximately 2,765 individuals. Details are limited and the breach was reported to the Department of Health and Human Services.

Read more about the Gainwell Technologies breach

CORL’s Managed Services & Next Generation Exchange of Vendor Risk Data

In order to combat these growing supply chain risks, CORL has developed a proprietary data clearinghouse that provides access to assessment results of over 80,000 vendor assessments CORL has conducted. Each year, CORL conducts thousands more vendor risk assessments on behalf of our clients. Chances are very high that we have already assessed a substantial portion of your existing and new vendors from a security, risk, and compliance perspective.

CORL’s tech-enabled managed services and next generation exchange of vendor risk data allow healthcare entities to:

  • Prioritize vendors for assessment and remediation
  • Make informed supply chain risk decisions
  • Scale vendor risk programs
  • Report on vendor risk across the entire vendor portfolio
  • Drive and track remediation
  • Validate controls and gain assurance
  • Track KPI, KRI, and SLA metrics on program performance
  • Identify trends in vendor types to anticipate breaches
  • Save time, money, and resources
  • Accelerate assessment turnaround times

Contact our team here at CORL to learn more about our managed services and next generation exchange for healthcare vendor risk data that gets results with regulatory compliance and lowers supply chain risks.
