Hope McKenney reports: More than $2.3 million dollars has been returned to the City of Unalaska, after a nearly two-month federal investigation into a fraudulent financial request. Between May 15 and July 9, the city paid out $2,985,406.10 to a fraudulent bank account as a result of a phishing email scam. The sender of the…
Month: September 2019
Alive Hospice’s breach notification required a second breach notification
It occasionally happens that a breach or incident response creates a second incident of its own. That seems to be the case with Alive Hospice, as this newest press release suggests, but does this require second notification to HHS/OCR? My first impression is that it would, but I’m interested to hear what HIPAA lawyers might…
No municipality paid ransoms in ‘coordinated ransomware attack’ that hit Texas
Catalin Cimpanu reports: A coordinated ransomware attack hit 22 Texas local governments, but none of the impacted municipalities paid ransom demands, Texas state officials said this week. Three weeks after the incident took place, the Texas Department of Information Resources (DIR) said that more than half of the impacted entities are now back to operations…
Oh good grief, Saturday edition
Seen on Twitter: BREAKING: Dutch hospital that just got fined 460.000 euro by Dutch DPA for staff snooping in medical files, is in the news today again: staff used medical files as grocery list. Left them in shopping cart supermarket. Compliance is a cultural issue!https://t.co/LhVELzgL8J #GDPR — Jeroen Terstegge (@PrivaSense) September 7, 2019 A google…
Meridian Community College discloses a breach that was discovered in January
A breach notification by Meridian Community College demonstrates once again, why entities should make determined efforts not to leave emails in employee accounts that may have personally identifiable information in attachments or the emails themselves. In this case, the types of personal information included name, Social Security number, driver’s license number, passport number, date of…
Andy Frain Services reports stolen laptop, but were they also hacked?
Andy Frain Services has reported a breach to the California Attorney General’s Office. The breach reportedly occurred on May 2, and their letter to those affected begins: We are writing with important information regarding a recent security incident. The privacy and security of the personal information we maintain is of the utmost importance to Andy Frain…