Charles S. Morgan, Ellen Yifan Chen, and Philippe April of McCarthy Tétrault LLP write: The Act to Modernize Legislative Provisions respecting the Protection of Personal Information (“Bill 64” or the “Bill”)[1] received royal assent on September 22, 2021, introducing new obligations for private sector businesses in Québec phased over the course of three years. […] it is important…
Category: Commentaries and Analyses
“Shoot the Messenger,” Friday edition: Homewood Health resorts to threats and a court order?
In July of this year, CTV News in Canada and DataBreaches.net reported on a breach involving Homewood Health in Canada. Both CTV and this site had become aware of the breach when data allegedly from Homewood showed up on a leak site called Marketo. Marketo claimed to have almost 300 GB of Homewood’s data for…
Missouri Teachers’ Social Security numbers at risk on state agency’s website; state’s response is to shoot the messenger?
Josh Renaud reports: The Social Security numbers of school teachers, administrators and counselors across Missouri were vulnerable to public exposure due to flaws on a website maintained by the state’s Department of Elementary and Secondary Education. The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials…
Under the media radar…
Here are just a few more breach reports that reveal medical or health information. The following may not be HIPAA-covered entities or may not show up on HHS’s public breach tool even if they are covered (because of the number impacted): Lion Street Financial in Texas recently notified the New Hampshire Attorney General’s Office about…
Ransomware Group FIN12 Aggressively Going After Healthcare Targets
Ravie Lakshmanan reports: An “aggressive” financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon payloads to interact with victim networks. Cybersecurity firm Mandiant attributed…
Netherlands can use intelligence or armed forces to respond to ransomware attacks
Catalin Cimpanu reports: The Dutch government said it would use its intelligence or military services to counter cyber-attacks, including ransomware attacks, that threaten its national security. Answering a parliamentary inquiry into the country’s possible avenues of response to ransomware attacks, Ben Knapen, Dutch Minister of Foreign Affairs, said under normal circumstances, diplomatic avenues take precedence,…