By early December 2022, Hive ransomware gang had not only claimed responsibility for an attack on Knox College, but when the college hadn’t paid their demand, they contacted students directly. As NBC reported, the emails sought to get students to pressure the college to pay: “We have compromised your collage networks,” the email said, written…
Category: Commentaries and Analyses
Au: AMA calls for stronger laws to protect patient data
Fat Niebres reports: The Australian Medical Association (AMA) has called for stronger safeguards to protect patient data, saying laws must be in place to prevent security breaches and the use of health data to boost private profits. In a new position paper, the AMA pointed out the need for a broader national discussion on health…
A Tale of Two Breach Notification Rules
Matt Fisher writes: The early days of February 2023 saw two very different settlements announced related to healthcare data breaches. One arguably follows a well-known course and the other could be a sign of things to come. After having a health breach notification rule on the books since 2009, the Federal Trade Commission (“FTC”) had…
The FBI tried in vain: The Russian case against REvil turned out to be insignificant
The following is a machine translation of an article on Kommersant.ru: The FBI tried in vain As it became known to “Kommersant”, the investigative department of the Ministry of Internal Affairs of the Russian Federation completed the investigation of the criminal case of the so-called international group of hackers REvil, information about which was provided…
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide; more than 500 systems affected already
Sergiu Gatlan reports: Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. Tracked as CVE-2021-21974, the security flaw is caused by a heap overflow issue in the OpenSLP service that can be exploited by unauthenticated…
HHS OCR Settles HIPAA Investigation with Banner Health Following 2016 Hacking Incident
The following is a press release from HHS. It is an update to a 2016 hacking incident previously covered on this site. The incident also resulted in a class action lawsuit that was settled for $6 million in 2019. February 02, 2023 Today, the U.S. Department of Health and Human Services’ Office for Civil Rights…