Marianne Kolbasuk McGee of HealthInfoSec asks why Change Healthcare’s report to HHS indicated that 500 patients were affected when they had already admitted that there were millions. Why use such a low placeholder instead of a higher number when it has been months since they discovered the breach and they must have some…
Category: Commentaries and Analyses
Invasion of the Data Snatchers: B.C. Court of Appeal Clarifies Possible Scope of Privacy Claims Against Data Custodians in Data Breaches
Lyann Danielak, Joshua Hutchinson, and Robin Reinertson of Blake, Cassels & Graydon LLP write: On July 4, 2024, the B.C. Court of Appeal issued a duo of class action appeal decisions considering the potential scope of statutory and common law privacy claims against data custodians that fall victim to cyberattacks in data breach cases. In…
Government files its opening brief in its appeal to overturn Conor Fitzpatrick’s sentence
On July 29, the Department of Justice filed its opening brief in its appeal of Conor Fitzpatrick’s (“Pompompurin’s”) sentence. The issue at the appellate level is “whether the district court abused its discretion in sentencing Fitzpatrick to a 17-day time-served sentence for possessing child pornography and creating and operating the largest English-language data breach forum…
CrowdStrike Chaos Highlights Key Cyber Vulnerabilities with Software Updates — GAO Blog
From their WatchBlog: Earlier this month, a software update from the cybersecurity firm CrowdStrike caused Microsoft Windows operating systems to crash—resulting in potentially the largest IT outage in history. Disruptions were widespread. Around the world, businesses and services were unable to operate as computers crashed, and some critical infrastructure sectors (like transportation, healthcare, and finance)…
EdTech, Impersonation, and Managing Risk
Bill Fitzgerald (@FunnyMonkey) has written a post that I wish all school districts would read, process, and follow up on. The following is just a snippet from his post: We should assume that the KnowBe4 impersonation and the xz incident are not isolated or unique, and that there are other similar attacks underway that are…
IBM: Cost of a breach reaches nearly $5 million, nearly $10 million for healthcare
Jonathan Greig reports on some of the significant findings in IBM’s new survey on the cost of a breach: Businesses that fall victim to a data breach can expect a financial hit of nearly $5 million on average — a 10% increase compared to last year — according to IBM’s annual report on cybersecurity incidents….