Catalin Cimpanu reports: Smartwatch and wearables maker Garmin has shut down several of its services on July 23 to deal with a ransomware attack that has encrypted its internal network and some production systems. The company is currently planning a multi-day maintenance window to deal with the attack’s aftermath, which includes shutting down its official…
Category: U.S.
Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements
There’s been a rare sighting of a 2020 HHS settlement of HIPAA charges. An almost 10-year old report of what would be a relatively small breach led to an investigation that uncovered persistent failures to implement the HIPAA Security Rule. From HHS: Metropolitan Community Health Services (Metro), doing business as Agape Health Services, has agreed…
NY Charges First American Financial for Massive Data Leak
Brian Krebs reports: In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in…
Walmart reports that some patient data may have been stolen by looters during civil unrest
I think this is the first notice I’ve seen of this kind. Notice of Data Incident A number of retail establishments across the country have recently been impacted by widespread civil unrest. On May 31, 2020, Walmart pharmacies at the following locations were impacted by this civil unrest: Store 2648 at 1919 Davis Street in…
Ransomware attack on cloud-services provider affects charities and not-for-profits
Nicole K. D’Aoust and David Krebs of Miller Thomson write: A company that supplies cloud fundraising and accounting software to the charity and not-for-profit sector announced yesterday that it experienced a ransomware attack in May 2020. Blackbaud is the company behind such programs as Raiser’s Edge NXT, eTapestry, and The Financial Edge. The company’s press…
Arkansas state vendor sued over data breach
Stephen Steed reports: A lawsuit filed Thursday in Pulaski County Circuit Court says the security breach of a new state computer program this spring led to identity theft of those seeking to apply for unemployment compensation benefits. The lawsuit claims that Protech Solutions of Little Rock, which was hired by the state to develop the…