Settlement with Northeast Surgical Group marks OCR’s 10th ransomware enforcement action and 4th enforcement action in OCR’s Risk Analysis Initiative. Today the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Northeast Surgical Group, P.C. (NESG), a provider of surgical services in Michigan, for a potential violation…
FTC Takes Action Against GoDaddy for Alleged Lax Data Security for Its Website Hosting Services
Proposed order will prohibit GoDaddy from misleading customers about its security protections and require it to establish a robust information security program January 15, 2025 The Federal Trade Commission will require web hosting company GoDaddy to implement a robust information security program to settle charges that the company failed to secure its website-hosting services against…
New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment
Davey Winder reports: Ransomware is a cybersecurity threat that just won’t go away. Be it from groups such as those behind the ongoing Play attacks, or kingpins such as LockBit returning from the dead the consequences of falling victim to an attack are laid bare in reports exposing the reach of ransomware across 2024. A new ransomware threat, known as…
HHS Office for Civil Rights Settles HIPAA Phishing Cybersecurity Investigation with Solara Medical Supplies, LLC for $3,000,000
In 2019, DataBreaches reported that Solara Medical Supplies in California was notifying more than 110,000 patients after an attacker gained access to some employees’ email accounts via phishing. Solara was subsequently sued and settled claims for $9.76 million. Now today, HHS OCR announced a settlement with Solara: Today the U.S. Department of Health and Human…
UK floats ransomware payout ban for public sector
Connor Jones reports: A total ban on ransomware payments across the public sector might actually happen after the UK government opened a consultation on how to combat the trend of criminals locking up whole systems and taxpayers footing the bill. The consultation will consider views on extending the ransom payment ban from central government departments…
Robinhood to Pay $45 Million SEC Settlement Over Data Breach, Other Violations
Alexander Osipovich reports: Two brokerage units of Robinhood Markets agreed to pay $45 million to settle an investigation by the Securities and Exchange Commission into a range of alleged violations, including one stemming from a 2021 data breach that exposed millions of customer names and emails. … In the November 2021 breach, email addresses for about…