PogoWasRight, ICYMI: DataBreaches has been tracking Fortra/GoAnywhere clients that had protected health information caught up in Clop's 0-day attack.
In Part 1, I cover 6 entities that have disclosed their breaches, in part or whole. Five of them are also listed on Clop's site because Clop tried to extort them directly: https://www.databreaches.net/the-fortra-goanywhere-breach-also-affected-healthcare-entities-heres-what-we-know-so-far/
In Part 2, I cover 8 U.S. and 1 Canadian entity where I could find no public disclosures. They, too, are on Clop's leak site and patient data is already leaking in most of these cases:
https://www.databreaches.net/the-fortra-goanywhere-breach-also-affected-healthcare-entities-heres-what-we-know-so-far-part-2/So once again, many patients are not finding out from the covered entities that their data is already exposed on the dark web.
#databreach #HealthSec #infosec #cybersecurity #BusinessAssociate #Vendor #FileTransfer #transparency #disclosure #notification #HHS #HIPAA #HITECH