Mathew J. Schwartz reports: Many ransomware-wielding attackers are expert at preying on their victims’ compulsion to clean up the mess. Hence victims often face a menu of options: Pay a ransom for a decryptor, and you’ll be able to unlock forcibly encrypted data. Pay more, and your name gets deleted from the list of victims…
Category: Commentaries and Analyses
New Data Quantifies Ransomware Attacks on Healthcare Providers
Hannah Neprash and Alan Z. Rozenshtein write: In a new JAMA Health Forum Original Investigation, we and our co-authors address this data gap. We have created the Tracking Healthcare Ransomware Events and Traits (THREAT) database, a comprehensive accounting of 374 ransomware attacks on U.S. healthcare delivery organizations from 2016-2021. To assemble this database we used…
2023 New Year’s Resolution: Don’t Get “Whacked” By A State AG for Cybersecurity Compliance
Joe Lazzarotti of Jackson Lewis writes: It usually happens after a reported data breach. The organization experiencing the breach sends notifications to affected individuals, as well as federal and/or state agencies where appropriate and perhaps other parties. Not long thereafter, the organization receives an inquiry from one or more government agencies. These inquiries typically…
Oregon AG Rosenblum Settles with Avalon Healthcare over 2019 Data Breach
Although HHS OCR generally fails to take a hard enforcement line with reporting breaches by the “no later than 60 day” rule in HIPAA, state attorneys general may enforce even stricter deadlines. Read this press release: December 27 — Oregon Attorney General Ellen Rosenblum and Utah Attorney General Sean Reyes announced they’ve settled a data breach enforcement case…
Worst breach notifications of 2022
This is the time of year when many sites compile their lists of worst breaches of the year. Some consider all sectors, some confine themselves to one sector. Many base their lists on the number reported to some regulator. Over the years, I have compiled my own annual lists where the “worst breaches” were not always…
NC: Monarch notifies HHS of breach, but where are the details and notice?
On September 1, a listing on a dark web site by a group calling themselves Don#t_Leaks named MonarchNC as a victim. The listing did not appear for long. The only “proof” offered at the time was a filetree and a screencap of what might be an index of an inbox showing monarchnc.org domain in email…