Aaron Sanderford reports: Nebraska on Monday became the first state to sue Tennessee-based Change Healthcare over the company’s massive data breach that cost at least 575,000 Nebraskans their personal information and medical records. … The breach was blamed on a low-level employee who had his or her login credentials hacked. Nebraska Attorney General Mike Hilgers…
Category: Breach Laws
New Australian Law Requires Victims To Disclose Ransom Payments
Maybe some victims will decide not to pay ransom since they will have to disclose the payment anyway? Jayant Chakravart reports: The Australian government’s proposed cybersecurity legislation passed both houses of the Parliament on Monday, formalizing the government’s strategy to boost ransomware payment reporting, mandate basic cybersecurity standards for connected devices and enhance critical infrastructure…
Since June, two groups claim to have attacked The Eye Clinic Surgicenter. What do we know?
One cyberattack is distressing enough. But has The Eye Clinic Surgicenter been attacked by two different groups this year? Silence is not golden if patient data has already been leaked. Last week, Meow Leaks added The Eye Clinic Surgicenter in Montana to their leak site. Meow’s site indicates that is offering 59 GB of files…
SEC Charges Four Companies With Misleading Cyber Disclosures
Washington D.C., Oct. 22, 2024 — The Securities and Exchange Commission today charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with making materially misleading disclosures regarding cybersecurity risks and intrusions. The SEC also charged Unisys with disclosure controls and procedures violations….
HHS Office for Civil Rights Imposes a $240,000 Civil Monetary Penalty Against Providence Medical Institute in HIPAA Ransomware Cybersecurity Investigation
In April 20218, DataBreaches reported a ransomware incident in February 2018 that had affected 81,550 patients of the Center for Orthopaedic Specialists (COS) – Providence Medical Institute (PMI) in California. The entity’s notification at the time indicated that patients’ names, dates of birth, details about medical records, and Social Security numbers had been involved in the…
New Data Breach Notification Obligations for Pennsylvania – and a New Reporting Portal
Liisa M. Thomas, Kathryn Smith of Sheppard, Mullin, Richter & Hampton LLP write: Pennsylvania AG Michelle Henry announced yesterday the launch of an online portal for businesses to report data breaches to the AG’s office. The portal launch comes before Pennsylvania’s new breach amendments take effect on September 26, 2024. One of the amendments will require businesses to report…