The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware. HHS Health Sector Cybersecurity Coordination Center Threat Briefs: https://www.hhs.gov/about/agencies/asa/ocio/hc3/products/index.html#sector-alerts January 28, 2021 –…
Category: Commentaries and Analyses
Adventures in Notification, Ethical Dilemma Edition
Long-time readers know that this blogger has encountered some interesting situations over the years in response to trying to engage in responsible disclosure of leaks or incidents. As just a few examples (apart from all the lawsuit threats for exposing leaks or incidents), this blogger was: — threatened with being infected with HIV by angry…
Getting caught up: Conti domains seized by Irish Garda
A story by Stephen Breen inThe Irish Sun yesterday included reference to an update on the HSE attack by Conti: Earlier this month, cops seized several websites belonging to the Russian gang behind the attack in a major “disruption operation”. If anyone logs on to the sites they will see a screen warning the site…
U.S. to Target Crypto Ransomware Payments With Sanctions
Well, this is not exactly what I suggested yesterday on Twitter as a strategy (I suggested that every ransomware group that hits the medical sector should be declared a terrorist organization and put on the Treasury’s sanctioned list), but it could help. Ian Talley and Dustin Volz report: The Biden administration is preparing an array…
Illinois Man Convicted of Federal Criminal Charges for Operating Subscription-Based Computer Attack Platforms
LOS ANGELES – An Illinois man was found guilty today by a federal jury for running websites that allowed paying users to launch powerful distributed denial of service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet. Matthew Gatrel, 32, of St. Charles, Illinois, was found…
Credential leak fears raised following security breach at Travis CI
John Leyden reports: Concern is growing within the infosec community that a breach at DevOps platform vendor Travis CI might run deeper than the firm has so far been prepared to admit. Travis CI, a continuous integration and continuous delivery (CI/CD) service for cloud platform projects, admitted to an issue in a post on its community forums while also…