Marianne Kolbasuk McGee reports: The prospect of class action lawsuits being filed in the aftermath of a major data breach often has more impact on breached healthcare organizations than the potential for fines and enforcement actions by government regulators, says attorney Jeff Westerman of Westerman Law Corp. With all the legal expenses and time involved…
Category: Commentaries and Analyses
Attack on the Azienda Ospedaliera di Alessandria hospital: additional details on the case
Marco A. De Felice prefaces his reporting on a Ragnar_Locker attack with this message: For ethical reasons we did not want to spread the news of the attack on the hospital’s IT infrastructure before the news became public knowledge. Indeed, on December 20, SuspectFile had already become aware of the ransom note written by the…
Cyberattacks: higher education on high alert despite the holidays
The following is a machine translation of a report by Valéry Rieß-Marchive: cIn mid-September, Toulouse INP started the school year on a cyberattack with ransomware . At the beginning of December, Grenoble INP informed of an “intrusion” on its computer servers, but not to mention a cyberattack . At the same time, our colleagues from Parisian revealed that the IUT Paris – Rives de Seine was openly…
NYS Comptroller DiNapoli Releases More School District Audits
Two more school district audits were released before the holiday. Nanuet Union Free School District – Network User Accounts and Information Technology Contingency Plan (2022M-135) Issued Date December 09, 2022 Background The District serves the Town of Clarkstown in Rockland County. The District is governed by an elected seven-member Board of Education (Board) that is…
Ransomware Needs ‘Physical’ Damage For Insurance, Ohio Court Rules
Daphne Zhang reports: Owners Insurance Co. convinced the Ohio Supreme Court that it has no duty to cover a medical software company’s ransomware-related losses because the attack didn’t cause any property damage. EMOI Services LLC’s insurance policy “requires direct physical loss of or damage to media—Computer software cannot experience direct physical loss or physical damage, because…
“No need to hack when it’s leaking:” the “Here’s how you get a HIPAA complaint” edition
So… regular readers know that DataBreaches has occasionally reported on data security incidents in the healthcare sector that involved leaks due to misconfigurations of GitHub repositories, storage buckets, open directories, etc. Not all of this site’s attempts to disclose leaks responsibly have gone smoothly, as described in a collaborative paper written with Dutch researcher Jelle…