Uh-oh, another data breach! This time, it’s the Financial Business and Consumer Solutions (FBCS), a nationally licensed debt collection agency in the U.S., that’s grabbing headlines. They’ve recently warned nearly 2 million impacted individuals that their systems were compromised, and unauthorized access was detected.

What happened at FBCS?

FBCS specializes in collecting unpaid debts from various sectors, including consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities. In late February 2024, they discovered that unauthorized actors had breached their network and had access to sensitive data since February 14, 2024. The intrusion lasted for nearly two weeks before being detected.

What data was exposed?

During the breach, the unauthorized actor had the ability to view or acquire certain information on the FBCS network. The exposed data includes:

• Full name
• Social Security Number (SSN)
• Date of birth
• Account information
• Driver’s license number or ID card

This is some pretty sensitive stuff! With access to this information, individuals are at a higher risk of falling victim to phishing, fraud, and social engineering attacks. That’s why FBCS is providing those affected with instructions to enroll in 12 months of credit monitoring through Cyex, hoping to prevent any further damage.

What’s being done to prevent this from happening again?

As an IT Services company, we understand that such incidents can have severe consequences for the victims. FBCS has taken steps to implement additional security measures in a newly built environment to prevent similar incidents from occurring in the future.

What can you do if you’re affected?

If you’re one of the unlucky recipients of the data breach notifications, it’s crucial to remain vigilant against unsolicited communications and monitor your account statements and credit reports for suspicious activity. At the time of writing, no ransomware groups have claimed responsibility for the attack at FBCS, but it’s always better to stay cautious.

Stay informed and stay protected

As cybersecurity experts, we know that staying informed is the best defense against cyber threats. That’s why we encourage you to keep coming back to learn more about the ever-evolving world of cybersecurity. Together, we can make the digital world a safer place for everyone.

Imagine going to the doctor, only to find out that your private information has been leaked to third-party companies. That’s exactly what happened to millions of people in the United States when healthcare service provider Kaiser Permanente disclosed a data security incident.

Kaiser Permanente is a huge name in the world of healthcare, operating as an integrated managed care consortium and one of the largest nonprofit health plans in the U.S. With 40 hospitals and 618 medical facilities across the nation, it’s a big deal when they report a security breach.

So, just how many people were affected by this breach? Approximately 13.4 million current and former members and patients had their information leaked to third-party trackers installed on Kaiser’s websites and mobile applications.

What Information Was Leaked?

According to Kaiser Permanente, the leaked data may include IP addresses, names, information that could indicate a member or patient was signed into a Kaiser Permanente account or service, details showing how a member or patient interacted with and navigated through the website and mobile applications, and search terms used in the health encyclopedia.

Now, you might be thinking, “That doesn’t sound too bad.” But here’s the thing: information collected by online trackers is often shared with an extensive network of marketers, advertisers, and data brokers. So, your private health information could be in the hands of people you never intended to share it with.

Thankfully, the data exposed in this incident does not include usernames, passwords, Social Security Numbers (SSNs), financial account information, or credit card numbers.

What Is Kaiser Permanente Doing About It?

After discovering the trackers through a voluntary internal investigation, Kaiser Permanente removed them and implemented additional measures to prevent similar incidents from happening in the future.

While they are not aware of any cases of the exposed information being misused, they will notify individuals who accessed their sites and used their mobile apps out of an abundance of caution.

This isn’t the first time Kaiser Permanente has dealt with a data breach. In June 2022, they disclosed a breach that exposed the health information of 69,000 people, caused by unauthorized access to an employee’s email account.

What Can You Do to Protect Yourself?

Data breaches are becoming more and more common, and it’s essential to stay informed and proactive in protecting your personal information. If you’re concerned about your data privacy, consider reaching out to us at IT Services. We’re here to help you navigate the ever-changing landscape of cybersecurity and ensure your private information stays private.

Don’t wait until it’s too late. Contact us today and let us help you safeguard your digital life.

Imagine this: you’re a patient in Los Angeles County, home to the most populous county in the United States. You rely on your local hospitals and clinics for your healthcare needs. One day, you receive a letter informing you that your personal and health information has been exposed in a data breach. How would you feel?

A Massive Phishing Attack in L.A. County

This frightening scenario recently unfolded for thousands of patients in L.A. County. The Department of Health Services, which operates the public hospitals and clinics in the area, had to disclose a data breach after a phishing attack impacted over two dozen employees. These mailboxes contained sensitive information for about 6,085 individuals, making this a significant incident.

How Did This Happen?

It all started with a phishing email. A hacker duped 23 employees into clicking a link that appeared to be a legitimate message from a trustworthy source. This simple action gave the attacker access to the employees’ mailboxes, and ultimately, to patients’ personal and health data.

Among the compromised information were patients’ names, dates of birth, home addresses, phone numbers, email addresses, medical record numbers, client identification numbers, dates of service, medical information (such as diagnosis, treatment, test results, and medications), and health plan information. Thankfully, no Social Security Numbers or financial information were exposed in this breach.

Responding to the Breach

Upon discovering the breach, the L.A. County Health Services took swift action. They disabled the impacted email accounts, reset and re-imaged the compromised employees’ devices, and quarantined suspicious incoming emails. The health system also sent out awareness notifications to all employees, reminding them to be vigilant when reviewing emails, especially those containing attachments or links.

In addition, the health system plans to notify the U.S. Department of Health & Human Services’ Office for Civil Rights, the California Department of Public Health, and other relevant agencies about the data breach. While no evidence was found that the attackers accessed or misused the exposed information, L.A. County Health Services advises affected patients to contact their healthcare providers to verify the content and accuracy of their medical records.

A Call to Action: Let’s Protect Our Data Together

This incident serves as a stark reminder of the importance of cybersecurity in the healthcare sector. As patients, we trust our healthcare providers with our most sensitive information, and we must demand that they take every measure to protect it.

As an IT Services company, we understand the challenges healthcare organizations face in safeguarding personal and health information. We encourage you to reach out to us, learn more about our services, and take proactive steps to protect your data. Together, let’s create a safer digital world for all.