From OCR’s newsletter today: Throughout 2020 and 2021, hackers have targeted the health care industry seeking unauthorized access to valuable electronic protected health information (ePHI). The number of breaches of unsecured ePHI reported to the U.S Department of Health and Human Service’s Office for Civil Rights (OCR) affecting 500 or more individuals due to hacking…
Category: Commentaries and Analyses
Arkansas AG Sues Defunct Health Provider for Mishandling Patient Records
Scott Carroll reports: Arkansas Attorney General Leslie Rutledge on Thursday announced a lawsuit against the defunct Eastern Ozarks Regional Health for failing to protect sensitive patient information after it closed. The former hospital in Cherokee Village is accused of leaving behind thousands of unsecured patient and employee records that contain social security numbers, driver’s license…
Hidden privacy lessons in the FTC’s CafePress security enforcement
Cobun Zweifel-Keegan writes: In its most recent cybersecurity enforcement decision, the U.S. Federal Trade Commission announced a draft settlement agreement with the current and former operators of the customized merchandise website CafePress.com. Although the unanimous consent order focuses primarily on the company’s lax security practices, which allegedly led to multiple data breaches, there are also a few…
Facebook fined $18.6M over string of 2018 breaches of EU’s GDPR
Natasha Lomas reports: Facebook’s parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches. The security lapses in question, which appear to have affected up to 30 million Facebook users, date back several years — and had been disclosed by Facebook…
Lawmakers Probe Early Release of Top RU Cybercrook
Brian Krebs reports: Aleksei Burkov, a cybercriminal who long operated two of Russia’s most exclusive underground hacking forums, was arrested in 2015 by Israeli authorities. The Russian government fought Burkov’s extradition to the U.S. for four years — even arresting and jailing an Israeli woman to force a prisoner swap. That effort failed: Burkov was…
Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability
There’s a new Joint Cybersecurity Advisory (Product ID: AA22-074A) SUMMARY: The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default MFA protocols and a known vulnerability. As early as…