Chris Bennington of Epstein Becker Green writes, in part: The HITECH Act requires OCR to issue annual reports to Congress of HIPAA breaches and complaints received by OCR during the calendar year. For 2020, OCR reported that it received 656 notifications of breaches affecting 500 or more individuals, 66,509 notifications of breaches affecting fewer than…
Category: Commentaries and Analyses
Lapsus$, Okta and the Health Sector
A whitepaper from the HHS Cybersecurity Program. April 7, 2022 Available online at https://www.hhs.gov/sites/default/files/lapsus-okta-health-sector-tlpwhite.pdf (26 pp, pdf)
Details on the Weatherford ISD data breach
DataBreaches.net has received the following statement from Charlotte LaGrone, Executive Director of Communications for Weatherford ISD, concerning the breach DataBreaches.net reported yesterday: Weatherford ISD Statement on Data Breach The confidentiality, privacy, and security of information in our care is one of our highest priorities. Despite multiple layers of processes and procedures to prevent a data…
East Tennessee Children’s Hospital updates information on ransomware incident
On March 15, this site noted that the East Tennessee Children’s Hospital had posted a notice about an IT security incident. At the time, they did not identify the incident as a ransomware incident. DataBreaches.net subsequently found some explanation for that notice — a listing on a Russian-language forum offering data from ETCH with numerous…
Microsoft on disrupting cyberattacks targeting Ukraine; Facebook on countering Ghostwriter’s attempts
Tom Burt , the Corporate Vice President, Customer Security & Trust at Microsoft writes: Today, we’re sharing more about cyberattacks we’ve seen from a Russian nation-state actor targeting Ukraine and steps we’ve taken to disrupt it. We recently observed attacks targeting Ukrainian entities from Strontium, a Russian GRU-connected actor we have tracked for years. This…
Five ransomware groups, five victims… will it ever ease up?
The following is a snapshot of recent attacks on U.S. healthcare entities by ransomware teams. #1 First Choice Community Healthcare – Hive Hive threat actors have never sworn off attacking the healthcare sector. In addition to claiming that they attacked the Partnership HealthPlan of California on March 19 (an attack that has impacted PHPC’s functioning),…