Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced an $80,000 settlement with Elgon Information Systems (Elgon), a Massachusetts company that provides electronic medical record and billing support services to covered entities, under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. OCR enforces the HIPAA Privacy,…
Year: 2025
Two ransomware groups claimed they attacked Rutherford County Schools. One leaked sensitive records. (UPDATED)
From the “Wait-What-Happened-Here Dept:” On October 19, the Black Suit ransomware group announced that they had attacked Rutherford County Schools in Tennessee. Their listing, posted on their dark web site, included what appears to be an indication of what data and how much data they were able to exfiltrate. It did not indicate whether they…
Many researchers are pseudonymous. That doesn’t justify ignoring their alerts.
For many years, the FTC has published guidance for businesses to Start with Security. Their advice has always included having a clear way to receive security alerts about vulnerabilities. That advice has been repeated in all updates, including their 2023 version. Why do I mention that now? Because once again, attempts to warn a company…
New York Modifies Data Breach Law Heading Into 2025
Liisa M. Thomas and Kathryn Smith of Sheppard Mullin write: As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law, as well as modifying notification timing. The notice modification is now in effect; the…
India’s Digital Data Protection Framework: Safety, Trust and Resilience
Samaya Dharmaraj reports: In an era where digital transformation shapes every aspect of governance, business, and daily life, safeguarding citizens’ personal data has become a top priority for India. Recognising the critical need for a secure andaccountable digital ecosystem, the government has taken significant steps to establish a robust framework for data protection and cyber resilience. At…
Khalil Center’s impressively rapid incident response
HHS’s public breach tool added a listing today that was submitted by the Khalil Foundation (DBA Khalil Center). The center describes itself as a psychological and spiritual community wellness center advancing the professional practice of psychology rooted in Islamic principles. They are covered by HIPAA. On December 22, they notified HHS that 1153 individuals had…