There’s an update to the Florida Healthy Kids breach that was due to their vendor, Jelly Bean Communications, not patching vulnerabilities for seven years. The incident was reported to HHS in January 2021 as impacting 3.5 million patients. Today, the U.S. Department of Justice announced: Jelly Bean Communications Design LLC (Jelly Bean) and Jeremy Spinks…
Author: Dissent
No need to hack when it’s leaking, DC Health Link edition
On March 12, DataBreaches reported on the Health Benefit Exchange Authority data that was first leaked by a forum user known as “IntelBroker” and then by “Denfur.” The DC Health Link incident attracted a lot of media attention because it involved members of Congress, their staff, and their families. As StateScoop reported today, DC Health…
Monetary Authority of Singapore Sets Out Revised Expectations for Notification of Data Breaches by Licensed Insurers
Rajesh Sreenivasan, Steve Tan, Benjamin Cheong, Lionel Tan, Tanya Tang, Wong Onn Chee, Simon Goh, and Wang Ying Shuang of Rajah & Tann Asia write: On 22 February 2023, the Monetary Authority of Singapore (“MAS“) issued Circular No. ID 03/23 – Notification of Data Breaches to the Monetary Authority of Singapore (“Circular 03/23“). Circular 03/23…
Data from Vietnam’s state-owned oil and gas group and affiliated firms leaked
Three Vietnamese firms involved in the petroleum industry and infrastructure may first be learning that some of their files are being given away freely on BreachForums. Forum user Kernelware posted a listing early Tuesday, identifying the firms as PetroVietnam, Long Son Petrochemicals, and POSCO Engineering & Construction. Kernelware’s post also notes, “…these are just the…
Lawsuit filed against Lehigh Valley Health Network after ransomware gang leaks sensitive patient data online
The following lawsuit and press release were predictable. Could LVHN have protected sensitive patient information better? If so, is less than perfect security somehow “negligent?” And if they are found to be negligent, how will LVHN be held accountable, and how on earth will patients ever come close to being made whole from a breach…
Ransomware Vulnerability Warning Pilot (RVWP)
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which President Biden signed into law in March 2022, required CISA to establish the RVWP (see Section 105 [6 U.S.C. 652]). ALERT CISA Announces Ransomware Vulnerability Warning Pilot Release Date March 13, 2023 Today, CISA is announcing the creation of the Ransomware Vulnerability Warning…