News Heading - 1

Cybersecurity Incident Affects Fidelity National Financial Services

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

In a recent disclosure, Fidelity National Financial (FNF) revealed a cybersecurity breach that affected some of its systems.

The incident that resulted in service disruptions of certain FNF businesses, was reported in regulatory filings (Form 8-K) with the US Securities and Exchange Commission (SEC) on November 19, 2023. The affected services included, title insurance, escrow, mortgage transactions and technology to the real estate and mortgage industries.

However, the incident did not impact its majority-owned subsidiary, F&G Annuities & Life, provider of insurance solutions.

In the 8-K filing, FNF stated that it launched a third-party cybersecurity expert-assisted investigation, upon discovering the attack. In addition to notifying the concerned law authorities, it also temporarily blocked certain systems to contain the incursion.

Without going into details about the attack, FNF stated that the ongoing investigation revealed ‘’an unauthorized third party accessed certain systems and acquired specific credentials’’. It is further trying to determine the impact of the incident and assess its material impact on the company.

It also reiterated its commitment to resolving this incident and ensuring restoration of normal business operations quickly and safely.

Meanwhile, on November 22, the notorious ransomware gang, AlphV/ Black Cat claimed credit for the attack , adding the company to its leak site.

The threat actor did not clearly mention whether it had stolen any data from the targeted victim’s network. It claimed to reveal the information at a later date, if FNF refused to fulfill the ransom demands.

This incident comes close on the heels of the attack on Mr. Cooper Group , one of the largest mortgage service providers in the US. The attack had prompted the firm to temporarily lock down its systems, disrupting its mortgage payment services.

News Heading - 2

Welltok Security Breach Exposes Sensitive Data of Over 8 Million US Patients

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Welltok, an enterprise SaaS company in the healthcare segment, disclosed a security incident that affected more than 8 million patients in the US. Related to the MOVEit file transfer cyberattack, the incident exposed personal data of patients associated with several US health plan providers.

In late October, Welltok issued a notice wherein it revealed that despite applying Progress Software-issued security patches and updates, on July 26, 2023, its MOVEit Transfer server was breached .

Upon discovering the breach, the company in assistance with third-party cybersecurity experts launched an investigation that revealed exfiltration of certain patient data by attackers. The compromised data includes, patients’ name, address, phone number, and email ID.

The stolen information varies for each person. For some it includes their Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, or Health Insurance information, while for others, health information like healthcare provider name, prescription name, or treatment code was exposed.

Healthcare providers like Blue Cross and Blue Shield, Corewell Health, Faith Regional Health Services, The Guthrie Clinic, Sutter Health, and more, based in various states including North Carolina, Kansas, Alabama, Michigan, Minnesota, and Massachusetts were impacted.

Additionally, member data of group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance was also exposed during this.

Previously, estimates regarding the number of people impacted varied, as the full list of affected healthcare providers or patients was not disclosed by Welltock. However, the data published on the US Department of Health and Human Services breach portal, confirmed that 8,493,379 people were affected in total .

Earlier this year, the zero-day vulnerability (CVE-2023-34362) in Progress Software’s MOVEit file transfer software was exploited by the notorious Cl0p ransomware gang . This attack is said to have affected several corporate and government organizations across the world, resulting in data leaks and ransomware payouts.