Matt Fisher writes: The early days of February 2023 saw two very different settlements announced related to healthcare data breaches. One arguably follows a well-known course and the other could be a sign of things to come. After having a health breach notification rule on the books since 2009, the Federal Trade Commission (“FTC”) had…
Author: Dissent
The FBI tried in vain: The Russian case against REvil turned out to be insignificant
The following is a machine translation of an article on Kommersant.ru: The FBI tried in vain As it became known to “Kommersant”, the investigative department of the Ministry of Internal Affairs of the Russian Federation completed the investigation of the criminal case of the so-called international group of hackers REvil, information about which was provided…
Four more attacks on the healthcare sector, weekend edition
UPDATE of Feb. 10, 2023: Regal Medical Group notified HHS that their incident impacted 3,300,638 patients. Original Post: It may be the weekend, but there’s no rest for the weary when it comes to tracking attacks on the healthcare sector. Here are four more incidents you may not have heard about already: Cardiovascular Associates Cardiovascular…
Taiwan car rental platform iRent plans compensation for data leak victims
Matthew Strong reports: Car rental and carshare platform iRent will prepare a compensation package for 400,000 clients deemed at risk from a recent leakage of private data, reports said Saturday (Feb. 4). The service, which is managed by Hotai Motor, the group manufacturing Toyota vehicles in Taiwan, was accused of having left users’ personal information…
Iran crew stole Charlie Hebdo database, says Microsoft
Jessica Lyons Hardcastle reports: Microsoft believes the gang who boasted it had stolen and leaked more than 200,000 Charlie Hebdo subscribers’ personal information is none other than a Tehran-backed gang. On Friday, Redmond’s Digital Threat Analysis Center (DTAC) attributed the cyber-heist to Iran’s Neptunium, which the US Department of Justice tracks as Emennet Pasargad. The…
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide; more than 500 systems affected already
Sergiu Gatlan reports: Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. Tracked as CVE-2021-21974, the security flaw is caused by a heap overflow issue in the OpenSLP service that can be exploited by unauthenticated…