Newsletter

Recent Breaches & Incidents

Ethan Grammer
Senior Infrastructure
& Cybersecurity Engineer

Guillermo Sanchez
Senior Cybersecurity Engineer

 

Fortinet confirms data breach after hacker claims to steal 440 GB of files

On September 12, 2024, Fortinet has confirmed a data breach following a hacker’s claim of stealing 440GB of files from the company. The breach was announced by a threat actor which was demanding a ransom. The breach highlights ongoing security challenges in the industry, emphasizing the importance of robust cybersecurity measures.

Fortinet issued a notice stating the company is investigating the breach and has implemented measures to secure its environment. Fortinet reassured customers that they are prioritizing transparency and are working to mitigate any potential impact. They also emphasized their commitment to enhancing security protocols and will provide updates as the situation develops.

External Links:

Bleeping Computer

Biotech Company Reaches $4.5 million Settlement for 2023 Data Breach 

It was announced on September 11, 2024, that EnzoBiochem, a New York based biotechnology company reached a settlement with the states of New York, New Jersey, and Connecticut that would cost them $4.5 million as a result of their 2023 data breach. Of the $4.5 million that EnzoBiochem is required to pay, the state of New York will receive roughly $2.8 million of the settlement based on the number of residents that were impacted by the breach.

In 2023, EnzoBiochem experienced a data breach that impacted 2.4 million patients as a result of exploited employee credentials. Among the data stolen by the threat actors was personal information, including names, dates of birth, social security numbers, and medical diagnosis information. It was also reported at the initial time of breach that EnzoBiochem did not have a system in place for suspicious activity monitoring.

External Links:

RegulatoryOversight

CMS Third-Party Data Breach Impacts 964,000 Individuals 

On September 6, 2024, The Centers for Medicare & Medicaid Services (CMS) announced that a third-party vendor had suffered a data breach that impacted more than 964,000 individuals and resulted in the compromise of personally identifiable information (PII). CMS released recommendations for impacted individuals to freeze their credit and enroll in credit monitoring services to prevent potentially malicious activity utilizing their PII.

The Wisconsin Physicians Service Insurance Corporation (WPS) is reported to be the third-party that suffered the data breach which impacted CMS. It was reported that threat actors took advantage of an unpatched vulnerability within the MOVEit software in May 2023, although CMS was not notified of the breach until July 2024. WPS indicated that initial investigation in May 2023 did not find that PII was a part of the breach, but later forensic investigation that took place in cooperation with law enforcement did find that there was PII found among the compromised data.

External Links:

Tech Target

Celito is a team of experienced IT Executives, Industry Professionals, and Business Consultants focused on the life sciences industry.

Celito Tech, Inc.

CORPORATE  HEADQUARTERS

2100 Geng Road Suite #210

Palo Alto, CA 94303

US OFFICE LOCATION

842 Main St.

Redwood City, CA 94063

+1 650.374.2121

Celito Tech, Inc.

INDIA OFFICE LOCATION

Celito Tech India Pvt Ltd.

Flat No.A105, 1st Floor

Aditya's Imperial Heights,

Hyderabad, Rangareddi-500049

Telangana, India

+91 984.902.4174

Privacy Policy  |  Cookie Policy  |  Terms of Service  |  Copyright 2021 © Celito Technology Inc