Anna Merod reports: Dive Brief: Minnesota public school districts, charter schools and colleges must now report cybersecurity incidents such as ransomware or network attacks under a newly enacted state law. The information that schools report to Minnesota will not be shared publicly, unlike with similar statewide data breach reporting requirements in California and Maine. Instead, the information will be anonymized…
Category: U.S.
Wyden seeks stricter telecom cyber standards following Salt Typhoon breach
Martin Matishak reports: Sen. Ron Wyden on Tuesday unveiled legislation that would require the Federal Communications Commission to set cybersecurity standards for telecom companies, as the policymakers grapple with the ongoing breach of U.S. phone networks by Chinese hackers. The draft measure from the Oregon Democrat comes days after Senate lawmakers received a classified briefing about the wide-scale…
Hudson Valley Health Care Facility Operator Fined $1.4M for Failing to Protect Patient Data; $850,000 suspended
Once again, we see a state attorney general taking data protection enforcement action against a healthcare entity when HHS hasn’t. The incident referred to below was reported to HHS’s public breach tool in December 2023, but there is no notation that any HHS investigation into it has been closed. From the NYS Attorney General’s Office,…
Watsonville Community Hospital still dealing with November cyberattack
Watsonville Community Hospital in California is continuing to work through what they refer to as a cyberattack on November 29. The hospital’s network has been offline since then with staff reverting to “downtime” procedures using paper. The hospital has been able to continue to provide emergency, inpatient, and outpatient care but alerts patients that there…
Hoboken NJ cyberattack by 3AM was “massive”
Ron Zeitlinger of The Jersey Journal reports: Social security numbers, driver’s licenses, payroll, health and other personal information of Hoboken workers and residents ― including dozens who applied for rental assistance during the pandemic ― was among the data stolen in the cyberattack last month, The Jersey Journal has confirmed. The Russia-linked ransomware group ThreeAM (also known as…
Anna Jaques Hospital notifies 316,300 people about 2023 ransomware attack
On Christmas, December 2023, Anna Jaques Hospital (AJH) in Massachusetts was grappling with a cyberattack that knocked out their EHR system and resulted in them having to divert ambulances to other area hospitals. On January 23, they posted a preliminary website notice (archived) about the attack. That notice was posted four days after threat actors…