As previously reported on this site, in September 2023, Cardiovascular Consultants Ltd. (CVC) in Arizona experienced a ransomware attack. In October 2023, the Qilin ransomware group added CVC to its leak site, claiming to have exfiltrated 520,961 files and 206 GB of data. And in December 2023, CVC announced the breach in a substitute notice…
Category: Commentaries and Analyses
Courts Are Still Willing To Dismiss Data Breach Lawsuits for Lack of Standing
Raika Casey and Alexis Opper of BakerHostetler write: In data breach litigation, courts generally find plaintiffs have standing such that their complaints may proceed past the pleading stage when it is alleged that sensitive information was impacted and there is an allegation of dark web exposure, misuse or fraud. However, a few courts have recently…
FCC proposes new cybersecurity mandates for submarine cable operators in major rule review, seeks public input
Industrial Cyber reports: The U.S. Federal Communications Commission (FCC) is conducting its first comprehensive review of submarine cable rules since 2001 to enhance the protection of the nation’s submarine cable infrastructure amid evolving national security concerns. The review also proposes that all applicants for cable landing licenses and licensees submitting periodic reports must certify that they have…
Breach notifications needed to be made faster in 2024. Instead, they were made more slowly.
Although some members of the public may not realize it, not all U.S. medical practices or practitioners are covered by HIPAA. But for entities that are regulated by HIPAA, HIPAA has some requirements for notifying patients about reportable breaches. The first thing to understand is that for regulated entities, a breach is considered “discovered” on…
South Korea: Modetour Network fined 740 million won for hacking incident; Meta loses appeal of 6.7 billion won fine
There are two cases in South Korean news this week of note here today involving enforcement actions by South Korea’s Personal Information Protection Commission. One involves a travel agency, Modutour. The other involves a court decision about Meta’s data sharing. Modutour Network Fined by PIPC Yun Ye-won reports that Modutour Network, which neglected safety measures…
#StopRansomware: Medusa Ransomware
Release Date: March 12, 2025 Alert Code: AA25-071A Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect…