Jeffrey Csercsevits of Fisher Phillips writes: A federal appeals court recently addressed whether employees had standing to bring a lawsuit when their personally identifiable information (PII) was inadvertently circulated to other employees at the company, with no indication of misuse or external disclosure. In McMorris v. Carlos Lopez & Associates, LLC, the 2nd Circuit Court of…
Category: Commentaries and Analyses
Having your ePHI dumped on the dark web by threat actors doesn’t necessarily give you standing to sue
In May, 2020, Assured Imaging in Arizona experienced a ransomware attack that they revealed in August, 2020.The incident reportedly impacted 244,813 patients. The data dump by the Pysa threat actors contained a lot of ePHI that appeared to be mostly mammography pre-screening histories or forms with data types such as medical record number, names, addresses,…
AEON Clinical Laboratories (Peachstate) Pays $25,000 to Settle Potential HIPAA Security Rule Violations
Peachstate Health Management, LLC, doing business as AEON Clinical Laboratories (Peachstate), has agreed to pay $25,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. …
Indonesian government bans Raid Forums after leak, in talks over data protection bill
Ursula Florene reports: After the alleged leak of personal data of more than 200 million Indonesians, the Communications and Information Ministry has ordered internet service providers to block access to data sharing site Raid Forums. Hackers have used the site to sell information in multiple cases, including those involving e-commerce platforms Tokopedia and Bukalapak. “Raid Forums has…
In: Hacking, Data Theft Attract Offences Under IPC Also, Not Just Information Technology Act : Supreme Court
Mehal Jain reports: The Supreme Court on Tuesday remarked that in a case of hacking and data theft, in addition to penal provisions of the IT Act, offences under the IPC would also be attracted and that the IT Act would not exclude the applicability of the IPC. Read more on LiveLaw.in. Related: Order.
Qlocker ransomware gang shuts shop after extorting owners of QNAP NAS drives
Graham Cluley writes: With all the headlines about ransomware attacks hitting companies hard, you might think there’s only bad news around the subject. Well, think again. Not only has the Darkside ransomware gang seemingly shut down since the high-profile attack which resulted in the Colonial Pipeline being shut down, and numerous dark web forums announce that…