If a covered entity detects a breach at the beginning of June 2021 but doesn’t notify patients until January 2022, will HHS think this is just fine? What if there was no encryption of data involved? Is it acceptable to take 7 months to notify patients if there are no unusual circumstances or request from…
Category: U.S.
FinalSite ransomware attack shuts down thousands of school websites
Lawrence Abrams reports: FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide. FinalSite is a software as a service (SaaS) provider that offers website design, hosting, and content management solutions for K-12 school districts and universities. FinalSite claims to provide solutions for over 8,000 schools and…
FlexBooker discloses data breach, over 3.7 million accounts impacted
Ionut Ilascu reports: Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums. The same intruders are offering databases claiming to be from two other entities: racing media organization Racing.com and Redbourne Group’s rediCASE…
FTC Finalizes Order with Mortgage Analytics Firm, Requiring it to Strengthen Security Safeguards, Increase Oversight of Vendors
In December, 2020, the FTC announced a proposed settlement with Texas-based Ascension Data & Analytics after a security breach involving one of its vendors resulted in the exposure of, and unauthorized access to, consumers’ mortgage applications. One year later, the settlement received final approval, as the FTC announced on December 22: The Federal Trade Commission…
New York Attorney General James Alerts 17 Companies to “Credential Stuffing” Cyberattacks Impacting More Than 1.1 Million Consumers
NEW YORK – New York Attorney General Letitia James today announced the results of a sweeping investigation into “credential stuffing” that discovered more than 1.1 million online accounts compromised in cyberattacks at 17 well-known companies. Attorney General James released a “Business Guide for Credential Stuffing Attacks” that details the attacks — which involve repeated, automated attempts to access online…
UScellular discloses data breach after billing system hack
Segiu Gatlan reports: UScellular, self-described as the fourth-largest wireless carrier in the US, has disclosed a data breach after the company’s billing system was hacked in December 2021. The mobile carrier said in data breach notification letters sent to 405 impacted individuals that the attackers also ported some of the affected customers’ numbers using personal information stolen…