In November 2021, Valley Mountain Regional Center (VMRC) notified HHS that multiple employees were the victims of a phishing scheme that compromised the protected health information (PHI) of 17,197 individuals. They notified HHS, affected individuals, media, and provided substitute notice. HHS reports, “In its mitigation efforts, the Business Associate strengthened its technical safeguards to better…
Category: U.S.
Resource: U.S. State Data Breach Notification Laws
There’s an update to Foley & Lardner’s resource on U.S. state data breach notification laws. They explain what their resource applies and what it doesn’t apply to: While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches…
NYS Legislature’s bill drafting office is dealing with cyberattack
NBC reports: The New York State Legislature’s bill drafting office is dealing with a cyberattack. State officials reported their system has been down since early Wednesday morning. According to the New York Times, Gov. Kathy Hochul says this could stall operations and workers might have to use computer systems that are nearly 30 years old….
Cybersecurity firm suspects Russia-linked hacking group behind cyberattack on Texas water facility
Tom Olson reports: A hacking group with ties to the Russian government is suspected of carrying out a cyberattack in January that caused a tank at a Texas water facility to overflow, experts from US cybersecurity firm Mandiant said Wednesday. The attack took place in Muleshoe, Texas, and coincided with other towns in north Texas…
The Post and Courier hacked; Black Suit claims to have 500 GB of data.
The Post and Courier proudly declares itself the main daily newspaper in the South, with a heritage going back to The Courier, founded in 1803, and The Evening Post, founded in 1896. Over its history, The Post and Courier has covered many news stories. But today, they are the story because the Black Suit ransomware…
Lawsuits mount and cyberattack could cost UnitedHealth Group up to $1.6B this year
Christopher Snowbeck of the Star Tribune in Minnesota is doing some great reporting on the Change Healthcare UnitedHealth Group cyberattack. Yesterday, he did a write-up on a Minneapolis therapy clinic suing Change Healthcare. He reports, in part: Twin Cities Counseling says it hasn’t been able to submit payment claims for more than 100 appointments —…