Leslie A. Pappas reports: The Delaware House has moved legislation that would strengthen the state’s data breach notification law. The bill would require any person doing business in Delaware to safeguard personal information. It would expand the definition of personal information to include medical information, biometric data, user names and passwords, passport numbers, routing numbers…
Month: July 2017
So many notifications due to ransomware, but are these really necessary?
Another entity has recently notified patients whose protected health information was on a server infected with ransomware. Once again, even though investigation turned up no evidence that any patient’s PHI was actually accessed or exfiltrated, entities are notifying – on the side of caution and/or because HHS requires them to in the absence of firm…
Cove Family & Sports Medicine recovers from ransomware, but loses some data
There are different metrics for describing the impact of a breach, but one of the ones I use in my subjective system is whether patient data that might be needed for care have been lost, stolen, or corrupted. In June, there were a lot of data breaches or security incidents and many involved ransomware. One…
Trump Hotels notifies some guests of payment card breach that began in 2016
Trump Hotels is sending out data breach notification letters to hotel guests after a service provider notified them of a breach that began in August 2016 but was only detected this year. In their letter, they explain: We are writing to you because of an incident involving unauthorized access to guest information associated with your…
SQL Injection Vulnerability in WP Statistics
If you’re using the WordPress plugin WP Statistics, you might want to stop and immediately read John Castro’s post, SQL Injection Vulnerability in WP Statistics.
Ukraine points finger at Russian security services in recent cyber attack
Pavel Polityuk reports: Ukraine said on Saturday that Russian security services were involved in a recent cyber attack on the country, with the aim of destroying important data and spreading panic. The SBU, Ukraine’s state security service, said the attack, which started in Ukraine and spread around the world on Tuesday, was by the same…