From HHS, yesterday: The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces that it has settled its ninth enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access to their health…
Category: Commentaries and Analyses
Office of the Comptroller of the Currency fines Morgan Stanley $60 million for 2016 data breach
Brendan Pedersen reports: Morgan Stanley was slapped with a $60 million fine by regulators Thursday for risk management problems tied to a 2016 data breach. The consent order by the Comptroller of the Currency cited failures at both Morgan Stanley Bank, N.A., and Morgan Stanley Private Bank, N.A. related to the shutdown of two wealth…
Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work
Brian Krebs reports: There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of…
Blackbaud Data Breach: Non-Profit Foundations (Part One)
Marco A. De Felice aka @amvinfe has begun a series of articles on the Blackbaud breach. He begins with Blackbaud’s initially inaccurate claims that no Social Security numbers, bank account data, or sensitive details had been accessed and exfiltrated. As most people know by now, Blackbaud had to issue an update to its original notification,…
A security flaw in Grindr let anyone easily hijack user accounts
Zack Whittaker writes: Grindr, one of the world’s largest dating and social networking apps for gay, bi, trans, and queer people, has fixed a security vulnerability that allowed anyone to hijack and take control of any user’s account using only their email address. Wassime Bouimadaghene, a French security researcher, found the vulnerability and reported the issue…
Hacker Uploads Own Fingerprints To Crime Scene In Dumbest Cyber Attack Ever
Davey Winder reports: Max Heinemeyer, director of threat hunting at Darktrace, thought it would be interesting to look back at the seven years since launching its AI-powered cybersecurity solution. Look back through the lens of some of the weirdest attacks that the AI cyber-brain had identified that is. You know what, he was right. I’ve…