The Norwegian data protection authority (Datatilsynet) has imposed an administrative fine of NOK 250,000 [USD $22,669.69] on Grue municipality for breach of GDPR requirements. They explain: Personal data that should have been confidential was made available to unauthorised persons in the municipality’s public records. This constitutes a breach of the municipality’s duty to ensure adequate…
Author: Dissent
Today’s reminder of the insider threat: LG Electronics USA
From a notification sent to the New Hampshire Attorney General’s Office by external counsel for LG Electronics U.S.A. (LGEUS): Earlier this month, in the course of investigating certain matters relating to a recent resignation by a (now former) Payroll Manager at LGEUS, the Company determined that the former employee — during the course of their…
HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000
HHS OCR announced a second ransomware investigation settlement today. This one involved Bryan County Ambulance Authority (BCAA), a provider of emergency medical services in Oklahoma. The Bryan County Ambulance Authority breach occurred in November 2021, but was only first reported to HHS on May 18, 2022. It affected 14,273 patients. HHS’s press release (below) notes…
Open Letter to Prioritize Community Cybersecurity
Over on Infosec.Exchange, Wendy Nather mentioned an open letter that is noteworthy for its approach to improving cybersecurity. The letter to presidential candidates’ transition teams, relevant federal agencies, and members of Congress begins: The federal government focuses primarily on cybersecurity as it relates to national security. This priority is essential, but the framing allows many small,…
How many similar breaches can one entity have in one year before regulators do something?
How many data breaches can an entity have before either some regulator steps in with a corrective action plan or something happens to reduce the likelihood of more breaches? Consider the following: Breach # 1 On February 22, 2022, Minuteman Senior Services (MSS) identified suspicious activity related to an employee’s email account. According to the notification…
HHS Office for Civil Rights Settles Ransomware Cybersecurity Investigation for $500,000
A press release from HHS OCR today announces a settlement with Plastic Surgery Associates of South Dakota. In July 2017, DataBreaches reported that the entity was notifying 10,200 patients after a ransomware incident. Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Plastic Surgery…