The health department for the U.S. state of Illinois has confirmed that a years-long security lapse exposed the personal information of more than 700,000 state residents.
The Illinois Department of Human Services (IDHS) said in a statement on January 2 that an internal mapping website containing residents’ personal information, which officials used for assisting with the allocation of state resources, was inadvertently publicly viewable as far back as April 2021 through September 2025, when the security lapse was discovered. Officials said the exposed data included personal information on 672,616 individuals who are Medicaid and Medicare Savings Program recipients. The data included their addresses, case numbers, and demographic data — but not individuals’ names.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FBI: Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients
December 15, 2022
The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) are releasing this joint Cybersecurity Advisory (CSA) to advise the Food & Agriculture sector about recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food ...
- ‘Why wasn’t there a back-up plan?’: After One Brooklyn Health cyber attack, community leaders demand answers
December 15, 2022
Nearly a month after a cyber attack left the One Brooklyn Health system compromised, elected officials and medical professionals gathered outside of Brookdale Hospital Medical Center to call for additional resources — and to get the healthcare system’s three hospitals back online. “I am asking for resources and answers into this cyber attack that has crippled ...
- Sting op takes down 50 DDoS-for-hire domains
December 15, 2022
Police around the globe have seized as many as 50 internet domains said to be involved in tens of millions of distributed-denial-of-service (DDoS) attacks worldwide. Seven people were collared during the swoop. The so-called “booter” websites sold “some of the world’s leading DDoS-for-hire services,” allowing paying customers to launch these networking-flooding cyberattacks against chosen victims, according ...
- California Department of Finance dealing with cybersecurity incident; no state funds compromised
December 12, 2022
An investigation is underway after a cybersecurity incident involving the California Department of Finance. The California Cyber Security Integration Center (Cal-CSIC) confirmed the incident on Monday but offered few specifics. Officials did note, however, that no state funds had been compromised. Read more… Source: MSN News
- UK arrests five for selling ‘dodgy’ point of sale software
December 12, 2022
Tax authorities from Australia, Canada, France, the UK and the USA have conducted a joint probe into “electronic sales suppression software” – applications that falsify point of sale data to help merchants avoid paying tax on their true revenue. A Friday announcement from the Joint Chiefs of Global Tax Enforcement (known as the J5), states that ...
- US Health Dept warns of Royal Ransomware targeting healthcare
December 8, 2022
The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country’s healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang. The Health Sector Cybersecurity Coordination Center (HC3) —HHS’ security team— revealed in a new analyst note published Wednesday that the ransomware group has been behind ...