A new press release from HHS today reveals that multiple breaches in 2017 contributed to HHS finding significant problems with Aetna: Aetna Life Insurance Company and the affiliated covered entity (Aetna) has agreed to pay $1,000,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to…
Month: October 2020
Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo
Brian Krebs has additional information on the Gunnebo attack mentioned yesterday in discussing the leak of security-related files concerning the Swedish parliament: In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it…
MO: Fort Zumwalt investigates data breach involving student
Karis K. Gamble reports: The Fort Zumwalt School District investigated a data breach involving a student. According to Administrative Assistant to the Superintendent Laura Wagner, a student accessed one of the district’s servers without authorization. Read more on FOX2. The student, whose grade and school were not disclosed, reportedly told the district that they had…
Update: St. Lawrence Health confirms ransomware attack
Yesterday, this site suggested that reports coming out of the St. Lawrence Health System sounded like a ransomware attack. The system has subsequently confirmed that computers at Canton-Potsdam, Massena and Gouverneur hospitals were hit with ransomware, which the system describes as a never-before seen variant of Ryuk ransomware. Hospital officials also claim that it appears that…
PH: NPC to allow data breach victims to apply for cease-and-desist orders
Jenina P. Ibañez reports: Victims of personal data breaches may request cease-and-desist orders from the National Privacy Commission (NPC) if the breach violates their privacy rights and causes “irreparable injury.” The NPC, in circular no. 20-02 signed on Oct. 6, said that it may issue such orders in the event of violations or threats to…
An Interview with “UNKN” Sheds Light on REvil’s Operations & Future Victims
Yelisey Boguslavskiy writes: On October 23, 2020, a Russian-speaking tech blog YouTube channel “Russian OSINT” published an interview with one of the representatives of the REvil ransomware syndicate – “UNKN”/”Unknown”. A twenty-minute interview covers important subjects such as victims, tactics, and strategies employed by REvil. While some of the information shared by UNKN has already…