I know some people may think I’m being too harsh, but really — almost 1.5 years from detection to notifications to people of a breach? Their response in terms of preventing more incidents seems reasonable, but the gap to figure out that notification was needed and then whom to notify seems too long. What will…
Category: U.S.
Judge Dismisses Testing Platform Cyberattack Case Against Pearson
Kirsten Errick reports that a lawsuit against Pearson stemming from a 2018 breach that they were alerted to in 2019 has been tossed for lack of Article III standing: Judge John Z. Lee of the Northern District issued an opinion on Tuesday granting Pearson’s motion to dismiss regarding the data breach of its AIMSweb testing platform, which…
Athens ISD paid $50k ransom to attackers
Mintie Betts reports: Athens ISD Board of Trustees has agreed to pay a $50,000 ransom for school data that was taken in a criminal ransomware attack. The attack targeted data stored on district servers, backup systems, and hundreds of computers. As a result, access to data has been blocked including teacher communications, student schedules, grades,…
Vermont Tax Department exposed 3 years' worth of tax return info
Sergiu Gatlan reports: The Vermont Department of Taxes today disclosed that taxpayers’ private information was exposed because of a security issue affecting its online filing site discovered on July 2, 2020. The data breach affected all Vermonters who electronically filed Property Transfer Tax returns using the tax department’s site between February 2017 and July 2020….
More pharmacy chains report HIPAA breaches linked to looting during protests
First it was Walmart disclosing that their pharmacies in stores in California and Chicago had suffered damage and theft by looters of medications ready for pickup with patient information on labels. Then it was CVS, who notified HHS that more than 21,000 patients’ information may have been compromised by looters who stole or accessed prescriptions…
Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach
In April 2017, Lifespan issued a statement disclosing a stolen laptop incident involving unencrypted protected health information. In at least two places in their statement they claim that they are committed to protecting the security and confidentiality of patient data. Today, OCR announced a settlement with Lifespan in which Lifespan is to pay more than…