December 9 enforcement action by the Privacy Commission of Hong Kong: Data Breach Incident of the Electrical and Mechanical Services Department (EMSD) The investigation arose from a data breach notification submitted by the EMSD to the PCPD on 1 May 2024, reporting its suspicion that the personal data of members of the public in its possession was…
HHS OCR settles charges that Inmediata Health Group exposed 1.6 million patients’ PHI online
The following announcement by HHS OCR stems from an accidental exposure of protected health information online that continued for several years. Inmediata’s incident resulted in a class action lawsuit that was settled for $1.1 million in 2022, and a settlement with 33 states for $1.14 million in 2023. HHS seems to be the first to…
China-Based Hacker Charged for Conspiring to Develop and Deploy Malware That Exploited Tens of Thousands of Firewalls Worldwide
A federal court in Hammond, Indiana, unsealed an indictment today charging Guan Tianfeng, a citizen of the People’s Republic of China (PRC) for his involvement in a conspiracy to hack indiscriminately into firewall devices worldwide in 2020. Guan and his co-conspirators worked at the offices of Sichuan Silence Information Technology Co. Ltd. to discover and…
Wyden seeks stricter telecom cyber standards following Salt Typhoon breach
Martin Matishak reports: Sen. Ron Wyden on Tuesday unveiled legislation that would require the Federal Communications Commission to set cybersecurity standards for telecom companies, as the policymakers grapple with the ongoing breach of U.S. phone networks by Chinese hackers. The draft measure from the Oregon Democrat comes days after Senate lawmakers received a classified briefing about the wide-scale…
Hudson Valley Health Care Facility Operator Fined $1.4M for Failing to Protect Patient Data; $850,000 suspended
Once again, we see a state attorney general taking data protection enforcement action against a healthcare entity when HHS hasn’t. The incident referred to below was reported to HHS’s public breach tool in December 2023, but there is no notation that any HHS investigation into it has been closed. From the NYS Attorney General’s Office,…
Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again
Carly Page reports: Security researchers are warning that hackers are actively exploiting another high-risk vulnerability in a popular file transfer technology to launch mass hacks. The vulnerability, tracked as CVE-2024-50623, affects software developed by Illinois-based enterprise software company Cleo, according to researchers at cybersecurity company Huntress. The flaw was first disclosed by Cleo in a security…