Gareth Corfield reports on what sounds like a legal Hail Mary play: A barristers’ chambers hit by a ransomware attack has responded by getting a court order demanding the criminals do not share stolen data. 4 New Square chambers, which counts IT dispute experts among its ranks, obtained a privacy injunction from the High Court…
Category: Commentaries and Analyses
People’s Republic of China Passes the Data Security Law: A Summary of What We Know
Kim Peretti, Lance Taubin, and Emily Poole of Alston & Bird write: On June 10, 2021, almost exactly three years after the passing of its Cybersecurity Law (CSL), the National People’s Congress of China passed a new Data Security Law (DSL) (click here for an unofficial English translation of the DSL), which goes into effect September 1, 2021. Where…
BJC HealthCare Data Breach Lawsuit Survives Motions to Dismiss
HIPAA Journal reports: A class action lawsuit filed by two former patients against BJC HealthCare over a March 2020 email data breach has survived two motions to dismiss. Leaha Sweet and Bradley Dean Taylor took legal action against St. Louis-based BJC HealthCare in September 2020 after being notified that their protected health information had potentially…
Digging into Decoder.re in Kaseya ransom notes– threat intel by Resecurity
Interesting #threatintel thread on Twitter this morning from Resecurity (Full disclosure: I worked with one of their team a number of years ago.). Their research findings do not seem to be up on their web site at this time, so hopefully you can access it on Twitter. The thread begins here. In light of the…
HHS warns health systems of PACS security vulnerabilities — again
Mike Miliard reports: The U.S. Department of Health and Human Services is warning hospitals and health systems that a security vulnerability in picture archive communication systems, first discovered two years ago, is a problem that needs fixing now. WHY IT MATTERS In 2019, cyber researchers found a flaw in some PACS that, if exploited, could…
The Waikato DHB breach: What do NZ regulations consider reasonable security?
DataBreaches.net reports on breaches from many countries, including New Zealand. On my companion site, PogoWasRight.org, I’ve posted approximately 200 news stories about privacy incidents there, their privacy laws, and decisions by their privacy commissioner. And on this site, I’ve posted almost 200 more articles about breaches impacting New Zealand. But when the Waikato District Health…