Federal regulations requjire substitute notice when notification by postal mail or other direct means cannot be made, but I cannot recall ever seeing a substitute notice that announced it was only being made for one particular patient. The following was published by the Oregon Health & Science University: On May 16, 2022, a computer belonging…
Author: Dissent
Timios settles data breach litigation
Real estate solutions company Timios agreed to settle claims it failed to protect consumer data in a July 2021 data breach. Top Class Actions reports that in October 2021, Timios began to inform customers their sensitive information may have been compromised when a third party gained access to the company’s network, encrypted certain Timios systems and…
Cn: Two hackers get arrested five days after their release for making $300,000 illegal profits
Global Times reports: Two hackers in Tongling, East China’s Anhui Province, were arrested by local police after they had been released from prison for only five days and made 2 million yuan($300,000) in illegal profits. The local police had lately discovered that the backend data of a company in its jurisdiction had been hacked, and…
South Korean call taxi system paralyzed by ransomware attack, company pays ransom to get decryptor
Ahn Ho-cheon reports (machine translation follows): A company operating a ‘call taxi system’ in most cities and counties in Gangwon-do was attacked by a hacking attack, and call taxi calls through smartphone apps were blocked. It was found that the call system was paralyzed in parts of Busan, Gyeonggi, Gyeongbuk, and Jeonnam in addition to Gangwon…
Treating Healthcare’s Insider Threat
Gabriel Avner writes: There’s an old joke about why bank robbers rob banks. Because that’s where the money is. Given the valuable assets under their care, banks, fintech, insurance, and other financial institutions have understood that they have to take special care to avoid data breaches and other threats. But if the past week’s steady…
Recent decisions by the Data Protection Commissioner of Singapore
Recent decisions by the Data Protection Commissioner of Singapore include the following: Directions were issued to Crawfort Pte to conduct a security audit of its technical and administrative arrangements for its AWS S3 environment and rectify any security gaps identified in the audit report. This is pursuant to a data breach incident where Crawfort’s customer…