By now, probably everyone has heard about the Colonial Pipeline security incident that has been linked to threat actors known as DarkSide. On April 12, this site published an email chat with DarkSide. If you missed that chat write-up, you can read it here. On May 8, after the mainstream media reported that the Colonial…
Category: Commentaries and Analyses
OCR Investigator: Goal Is to Uncover ‘Root Cause,’ Remedy Harm From Violations
If you haven’t read it already, do read Theresa Defino’s excellent report from HCCA Compliance’s Report on Patient Privacy on JDSupra. It may be one of the most interesting — and most frustrating — reports I’ve read about OCR investigations. Why did I find it frustrating, you might wonder? Because of the lack of any…
In Capital One Data Breach Litigation Federal Judge Grants Capital One’s Motion To Certify Question to Virginia Supreme Court
Kristin L. Bryan of Squire Patton Boggs writes: CPW [Consumer Privacy World] has been tracking since last year the Capital One data breach multidistrict litigation (remember that privilege ruling?). Well, today the federal judge overseeing the litigation granted Capital One’s motion to certify to the Virginia Supreme Court a question of whether there exists under Virginia…
Here’s the breakdown of cybersecurity stats only law firms usually see
Joe Uchill has a good interview with Craig Hoffman of BakerHostetler about their recent report that includes their extensive incident response experiences handling ransomware incidents. BakerHostetler has always been one of my most trusted resources on breach responses, as they are quite blunt about their advice — even when it may be what government or…
Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software
Charlie Osborne reports: Security researchers have provided insight into how a single student unwittingly became the conduit for a ransomware infection that cost a biomolecular institute a weeks’ worth of vital research. In a report due to be published on Thursday, Sophos described the case, in which the team was pulled in to neutralize an active cyberattack…
China Issues Second Version of the Draft Personal Information Protection Law for Public Comments
Hunton Andrews Kurth writes: On April 29, 2021, China issued a second version of the draft Personal Information Protection Law (“Draft PIPL”). The Draft PIPL will be open for public comments until May 28, 2021. While the framework of this version of the Draft PIPL is the same as the prior version issued on October 21, 2020,…