Alfred Ng reports: Multiple government agencies are relying on a security measure that can be easily bypassed thanks to massive breaches like the Equifax hack, the US Government Accountability Office has found. In a report released Friday, the government watchdog group found that the US Postal Service, the Department of Veterans Affairs, the Social Security…
Category: U.S.
CO: Hit by ransomware, Estes Park Health decides to pay the ransom to get decryption keys
Zach Clemens reports that Estes Park Health suffered a ransomware attack on June 2. No data was exfiltrated, but it was locked up, and after consulting with their cyberinsurer and IT people, they decided that they had to pay the ransom. “At that point in time we are looking at the patients we have internally,…
OH: N.E.O. Urology pays attackers $75,000 after ransomware attack
Corey Vallas reports N.E.O. Urology in Boardman, Ohio paid attackers $75,000 after their computer systems were encrypted by ransomware. Police say the fax listed “Pay4Day.io” as the contact for further information. Read more on WFMJ. There is no notice on the medical practice’s web site as of the time of this posting, but it’s interesting…
$27K in restitution ordered for man who hacked Palo Alto Online
Sue Dremann reports the follow-up on a hack that occurred in 2015 and that was previously reported on this site. The 36-year-old man who hacked and temporarily shut down Palo Alto Online and other Embarcadero Media websites nearly four years ago was sentenced Wednesday in San Jose federal court to time already served, one-year of…
Jury awards patient $300k after hospital employee improperly accessed and shared her records
This is the kind of insider breach that makes patients lose confidence in hospitals. I am not surprised that the jury came down hard on the hospital. Of the $300,000 award, $295,000 is punitive damages against the hospital for not doing anything against the doctor when they were made aware of the problem. A Coffee…
Auto Dealer Software Provider Settles FTC Data Security Allegations
The following is a press release issued by the Federal Trade Commission (FTC) that relates to a data security incident — a misconfiguration — discovered by MacKeeper researchers in 2016 that was previously noted on this site, including a subsequent settlement between DealerBuilt and the New Jersey Attorney General’s Office. From the wording of the…