HIPAA Journal reports on an incident that is illustrative of the challenges entities may face in the wake of a ransomware attack — determining whether a breach is a reportable incident or not. It also illustrates what may happen if an entity decides something is not a reportable breach but further investigation by the U.S….
Category: Commentaries and Analyses
UK: Ministry of Defence secrets exposed by people sending files to personal email accounts, documents show
Alexander Martin reports: Secret information belonging to the Ministry of Defence was exposed to hostile states when it was transferred from secure networks to personal email accounts, Sky News has learnt. Although documents obtained by Sky News were redacted to obscure the nature of the secret information, they reveal a record number of security breaches…
Assessing Damages in Data Privacy and Data Breach Class Actions Involving Health Data in the Wake of COVID-19
Vildan Altuglu, Maria Salgado, Omur Celmanbet, Rezwan Haque, and Lucia Yanguas of Cornerstone Research write: The COVID-19 pandemic, which has generated a surge in telehealth and introduced the concept of contact tracing into our daily lives, is likely to expose businesses and governments to an increased risk of data privacy and data breach class actions…
A Hacker Got All My Texts for $16
If this story doesn’t scare you, I don’t know what will. Joseph Cox reports: I didn’t expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received…
NY: Home care agency notifies more than 92,000 after ransomware attack
Back in January, Sodinokibi (REvil) threat actors added Preferred Home Care of New York to their dark web leak site. At the time, the threat actors did what they usually do — they posted a few screencaps as proof of access. The screencaps showed directories of folders and images of identity cards of people working…
Former Roswell Park nurse pleads guilty to tampering with a consumer product
Articles on breaches involving protected health information (PHI) often raise the specter of what could happen if a patient’s records were misused and the patient’s healthcare suffered as a result. Here’s a case where it reportedly happened. This case also raises some questions about access controls and the value of audits and follow-up on audits….