Commentaries and Analyses – Page 15

The EU NIS2 Directive and intra-group IT services

Posted on August 24, 2025 by Dissent

Dr. Stefan Schuppert and Valentin Reiter of Hogan Lovells write: While the NIS2 Directive remains to be implemented in several EU Member States, including Germany, companies should use the time to assess whether they fall within the scope of the Directive and prepare for its implementation. When making this assessment, particular attention should be paid…

“Cleanup in Aisle 4:” Telegram is a mess of fake ShinyHunters channels

Posted on August 21, 2025August 21, 2025 by Dissent

On August 9, DataBreaches reported on a Telegram channel with a name that combined the names of three groups: ShinyHunters, Scattered Spider, and Lapsus$. At the time, DataBreaches noted: Commenters on reading the new Telegram channel call it “schizo,” “complete chaos,” and “insane.” DataBreaches would just call it “overwhelming.” Today, DataBreaches would just call it…

Two agencies in one state investigated and fined Healthplex. Was that one too many?

Posted on August 19, 2025 by Dissent

DataBreaches is generally a great fan of state attorneys general taking enforcement action stemming from data breaches where the security was really subpar or the entity did not notify those affected in a reasonable amount of time. But two enforcement actions in New York have me wondering if the state has been a bit unfair…

HHS OCR Settles HIPAA Ransomware Security Rule Investigation with BST & Co. CPAs, LLP

Posted on August 19, 2025 by Dissent

In February 2020, DataBreaches reported that patients of Community Care Physicians in New York may have had their protected health information, date of birth, and insurance coverage exposed as a result of a ransomware attack by Maze Team at the Albany-based accounting firm BST & Co. CPAs. The incident was reported at the time to…

NYDFS Secures $2 Million Cybersecurity Settlement with Healthplex, Inc.

Posted on August 16, 2025August 16, 2025 by Dissent

There is an update to a phishing incident in 2021 that impacted more than 89,000 people with Healthplex dental insurance. DataBreaches notes that the NYDFS settlement announced below is not the first settlement stemming from this incident. In December 2023, the NY Attorney General’s Office announced a $400,000 settlement with Healthplex. Both the 2023 and…

Site Behind Major SSN Leak Returns With Detailed Data on Millions: How to Opt Out

Posted on August 13, 2025 by Dissent

Michael Kan reports: National Public Data, a website infamous for its role in leaking millions of Social Security numbers last year, has returned with the ability to look up anyone’s personal information. The site shut down in December amid a wave of lawsuits against parent company Jericho Pictures after a breach exposed an estimated 272 million unique SSNs and…