Jessica Lyons reports: American energy contractor ENGlobal disclosed that access to its IT systems remains limited following a ransomware infection in late November. In a Monday filing with the US Securities and Exchange Commission (SEC), the company said it became aware of a cybersecurity incident on November 25 after criminals broke into its networks and locked…
Author: Dissent
Change Healthcare Data Breach Settlement Talks To Be Explored Early in MDL
Irvin Jackson reports: Parties involved in the federal Change Healthcare data breach lawsuits have been ordered to meet separately with a U.S. Magistrate Judge over the next two months, to discuss the most effective structure for settlement talks and the optimum timing for when negotiations should begin that may provide payouts to millions of Americans. The potential…
HHS Office for Civil Rights Imposes a $1.19 Million Penalty Against Gulf Coast Pain Consultants for HIPAA Security Rule Violations
In April 2019, DataBreaches reported that Gulf Coast Pain Consultants, LLC d/b/a Clearway Pain Solutions Institute had recently notified patients after discovering on February 20 that their EMR system had been accessed by a third party without authorization. At the time, they disclosed that 35,000 patients had been affected but they did not indicate that…
Bolton Walk-In Clinic in Ontario: lock down your backup already!
DataBreaches hates reporting on an incident when the entity has not yet secured misconfigured storage, but after four months of futile efforts to get a Canadian clinic to respond to responsible disclosures, maybe publication will help get them off the dime. Bolton Walk-In Clinic in Ontario has a data protection policy that says: We are…
Recent Texas Case Highlights Increasing Relevance of Privacy and Security Laws to E-Discovery Process
Of note from Hunton Andrews Kurth: On November 6, 2024, a Texas state district court jury found that a large e-discovery vendor violated Title 7, Chapter 33 of the Texas Penal Code, which provides that accessing a computer without its owner’s permission is a Class B misdemeanor. This case highlights the importance for e-discovery vendors…
Over 600,000 Records, Including Background Checks, Vehicle, and Property Records Exposed Online: SL Data Services/Propertyrec
Jeremiah Fowler reports finding another exposed database with a lot of personal information. This one may belong to SL Data Services, LLC, though Fowler notes that the folders inside it were named with separate website domains. “It appears that the company operates a network of an estimated 16 different websites, offering a range of information…