Commentaries and Analyses – Page 22

PowerSchool Incident: A few resources for teachers, parents, and former students (2)

Posted on January 10, 2025January 14, 2025 by Dissent

DataBreaches is trying to keep up with updates from PowerSchool, but from the outset, DataBreaches has recommended districts, parents, and teachers assume the worst — i.e., assume that all of the data really weren’t deleted permanently. On the premise of better safe than sorry, and reminding people that PowerSchool’s attorney is not YOUR attorney, here…

Hackers Claim To Have Compromised Data Broker Used By U.S. Government To Dodge Warrants

Posted on January 9, 2025 by Dissent

Over on TechDirt, Karl Bode writes: Gravy Analytics, the parent company of Venntel, is like many dodgy data brokers. The company gleans vast troves of sensitive U.S. behavior and location cellphone data, then generally sells access to that data to a long line of folks. Including the U.S. government, which has increasingly turned to buying…

HHS Office for Civil Rights Settles 9th Ransomware Investigation with Virtual Private Network Solutions

Posted on January 8, 2025 by Dissent

HHS OCR announced another settlement that is their ninth ransomware investigation and their third settlement as part of their Risk Analysis Initiative. This one stems from a breach by VPN Solutions that was previously reported on this site: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a…

HHS Office for Civil Rights Settles 8th Ransomware Investigation with Elgon Information Systems

Posted on January 7, 2025 by Dissent

Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced an $80,000 settlement with Elgon Information Systems (Elgon), a Massachusetts company that provides electronic medical record and billing support services to covered entities, under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. OCR enforces the HIPAA Privacy,…

Many researchers are pseudonymous. That doesn’t justify ignoring their alerts.

Posted on January 5, 2025January 5, 2025 by Dissent

For many years, the FTC has published guidance for businesses to Start with Security. Their advice has always included having a clear way to receive security alerts about vulnerabilities. That advice has been repeated in all updates, including their 2023 version. Why do I mention that now? Because once again, attempts to warn a company…

Feds claims just 7% of available funds from OPM breach settlement, remainder returns to Treasury

Posted on January 3, 2025 by Dissent

Eric Katz reports: Current federal employees, retirees and others impacted by widespread breach of personal data maintained by the Office of Personnel Management took advantage of only a small portion of the money made available in a settlement agreement following the 2015 hack. Plaintiffs in the class action lawsuit reached a settlement in 2022 with…