David Foot reports: According to newspaper reports, there’s been a privacy breach at Belleville General Hospital, in what Quinte Health Care officials are calling an isolated incident. The Belleville Intelligencer report says a nurse was fired over the incident for accessing “hundreds of patient records” and that, while QHC staff are trying to nail down…
Month: January 2019
‘Worst’ Ransomware Attack Hits Salisbury Police Department in Maryland
NBC Washington reports: A Maryland police department says it experienced its “worst computer network attack” in its history, after the attacker accessed its network through a longtime software vendor. Salisbury police Capt. Rich Kaiser tells The Daily Times of Salisbury that the department’s entire internal computer network was compromised Jan. 9 in a ransomware attack….
Millions of bank loan and mortgage documents have leaked online (UPDATED)
Update: One day later, the story of the OpticsML breach got much worse when Bob Diachenko found a second exposure involving the vendor. Read about it here. Original post: Zack Whittaker reports on a leak discovered by Bob Diachenko of Security Discovery: A trove of more than 24 million financial and banking documents, representing tens…
DHS: Emergency Directive 19-01
From the Department of Homeland Security: January 22, 2019 Mitigate DNS Infrastructure Tampering This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 19-01, “Mitigate DNS Infrastructure Tampering”. Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information…
Alaska notifying at least 500,000 residents about data security breach previously disclosed in June
Update: The state subsequently revised its estimate to 87,000 letters. How did it get the numbers so wrong — apart from the question of why it has taken so long to send out notifications. This does NOT inspire confidence in the state’s ability to protect ePHI and to notify people promptly in the event…
Class action settlement reached in Sonic data breach case
There’s been a settlement reached in a Sonic breach first reported by KrebsOnSecurity in 2017. KFOR reports that the settlement notice includes a statement: “The Settlement includes all residents of the United States of America who made a purchase at any one of the 325 impacted Sonic Drive-In locations and paid using a credit or…