Theresa Defino writes: Issue a final rule revising the privacy regulation and write guidance on the information blocking rule. Formalize the fledgling audit program required by Congress more than 10 years ago. Engage with providers and other HIPAA-regulated entities. And by all means, get cracking. In a series of interviews with RPP, two former Office for…
Category: Commentaries and Analyses
Hack me once, shame on you. Hack me twice, shame on me?
Alicia Hope reports: A report by Ponemon Institute and commissioned by Team Cymru found that half of the organizations surveyed experienced disruptive cyber attacks from repeat sophisticated threat actors, the majority of whose exploits were unresolved. Although organizations acknowledged experiencing disruptive attacks and from repeat offenders, total remediation was not possible. According to the report,…
Ransomware attackers claim to have stolen data from three NZ firms
Tom Pullar-Strecker reports: South Island businesses may be paying an early price for the United States’ recent successes against ransomware attackers. Evidence is emerging that ransomware criminals may be switching attacks to “soft targets” including New Zealand and Australian firms after President Biden laid down the law with Russia, experts say. A ransomware group known…
Morgan Stanley asks court to throw out data security lawsuit
Ryan W. Neal reports: Morgan Stanley has asked a New York federal court to throw out a class action lawsuit alleging the firm failed to properly wipe sensitive client information from decommissioned computer equipment that has since gone missing. The former clients cannot plausibly identify instances of personal data being accessed or misused, or any…
UK: Activist raided by police after downloading London property firm’s ‘confidential’ meeting minutes from Google Search
Gareth Corfield reports: A man who viewed documents online for a controversial London property development and shared them on social media was raided by police after developers claimed there had been a break-in to their systems. The raid by four Metropolitan Police constables took place after Southwark campaigner Robert Hutchinson was reportedly accused of illegally…
k-12 school districts fall prey to Pysa ransomware
—– A DataBreaches.net report by Dissent and Chum1ng0 —– In Part 1 of this series, DataBreaches.net described a number of attacks by Pysa (mespinoza) threat actors on medical entities in the U.S. In Part 2, we look at eight k-12 public school districts in the U.S. who either appear on the threat actors’ dedicated leak…