Q4 '24 Data Breaches 

PARKLAND HEALTH
Whether it's where you shop, bank or browse, cybersecurity breaches have become an unfortunate fact of our online lives. But there's an extra sensitivity to the theft of medical information. 
Parkland Health in Dallas is the latest to report a data breach.
"It's a huge problem," said Ben Singleton with NetGenius. "And the reason that we haven't really seen any progress in it is because there's no enforcement of cybersecurity requirements on medical providers." Singleton, a cybersecurity expert, said that this is not a nosy neighbor concern: the end game is likely fraud, and Medicaid is a prized target.
"And so these claims start getting paid," said Singleton, "and they continue using information that they've gathered from these breaches to file more and more claims. And that's essentially how they're using it."

UNITED HEALTH
UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years.
In May, UnitedHealth CEO Andrew Witty warned during a congressional hearing that "maybe a third" of all American's health data was exposed in the attack.
A month later, Change Healthcare published a data breach notification warning that the February ransomware attack on Change Healthcare exposed a "substantial quantity of data" for a "substantial proportion of people in America."

CISCO
Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum.

FIDELITY INVESTMENTS 
Fidelity Investments reported in a filing with Maine’s attorney general that an unnamed third party accessed information from its systems using two recently established customer accounts. It did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.
"We detected this activity on August 19 and immediately took steps to terminate the access," Fidelity stated in a letter sent to those affected. The company confirmed that the data breach compromised the personal information of over 77,000 customers but did not involve any access to their Fidelity accounts. This incident still represents only a small portion of its overall customer base of 51.5 million.
The breach occurred between Aug. 17 and 19 when an attacker accessed customer names and other personal identifiers, including Social Security numbers and driver’s licenses. Fidelity was able to stop the unauthorized access on Aug. 19 after detecting the breach.

RACKSPACE 

Cloud hosting provider Rackspace suffered a data breach exposing "limited" customer monitoring data after threat actors exploited a zero-day vulnerability in a third-party tool used by the ScienceLogic SL1 platform.
ScienceLogic confirmed to BleepingComputer that they quickly developed a patch to address the risk and distributed it to all impacted customers while still providing assistance where needed.
"We identified a zero-day remote code execution vulnerability within a non-ScienceLogic third-party utility that is delivered with the SL1 package," explained a statement from Jessica Lindberg, Vice President at ScienceLogic.