CORRECTION: On January 17, DataBreaches.net learned that although this site accurately reported on statements made by Aimee Fant, Executive Director of Little Red Door Cancer Services of East Central Indiana (LRD) in an internal email to those involved in addressing a hack by TheDarkOverlord, the director’s statements to her staff and colleagues allegedly contained errors or somewhat misleading explanations….
Category: Breach Incidents
2016: Healthcare data breaches in review, Part 2
This is the second part of a look-back at 2016 and a commentary on why we need to analyze breaches differently if we really want to become more proactive in preventing them. Part 1 of this article can be found here). To recap Part 1: although headlines tend to scream “HACK!” (and irritatingly show us stock images of…
2016: Healthcare data breaches in review, Part 1
There were a number of year-in-review analyses for the healthcare sector, but now Protenus has released its report, which is based on analyses of 450 U.S. incidents first disclosed in 2016. The incidents were compiled by DataBreaches.net, who also provided some of the analyses. While some media outlets still headline external hacks where massive numbers of records…
Misconfigured Server Gives Insight Into Cerber Ransomware Operation
Catalin Cimpanu reports: Security researchers have gained access to one of the servers used by the Cerber gang, from where they were able to extract basic statistics about their operation. A security researcher that only goes by the nickname of Racco42 discovered the vulnerability on Thursday, January 12. The issue affected only one Cerber server, not all,…
Need help because your MongoDB installation was hit by ransomware?
For the past week, this site has been providing updates on previous coverage about a wave of ransomware attacks hitting misconfigured MongoDB installations. New instances continue to be detected by researchers on a daily basis. The attacks have shown no geographic or sector boundaries – any MongoDB installation indexed by Shodan.io that had or has…
“….and in no case later than 60 calendar days after discovery of a breach”
I’ve been encouraging (ok, nagging) HIPAA lawyer Jeff Drummond of Jackson Walker to write a post explaining what the 60-day notification provision really means in HIPAA, as I’ve always had a lot of questions about it, such as: Does the 60-day clock start when the covered entity (CE) first discovers that they might have a…