Are you surprised to see a settlement with HHS arising from an investigation that began when an entity reported a stolen laptop in 2013? Keep reading this notice from HHS to find an explanation: West Georgia Ambulance, Inc. (West Georgia), has agreed to pay $65,000 to the Office for Civil Rights (OCR) at the U.S….
Category: Commentaries and Analyses
As 2019 draws to a close, some entities are taking a harder look at storing PHI in employee email accounts
Okay, so two exemplars don’t prove any kind of trend, but I’m glad to see some entities now taking steps to reduce how much PHI is stored in employee email accounts. Here are two recent incidents, both reported to HHS in December: Healthcare Administrative Partners (HAP) is a Pennsylvania-based business associate under HIPAA. On December…
Vistaprint Logomaker files viewable due to insecure Amazon S3 bucket
Vistaprint. Everyone knows it and probably almost everyone knows somebody who has used the firm to design or print business cards, brochures, or other business-related stationery or marketing-related materials. Recently I was on Vistaprint’s site to create a new logo for ctrlbox.com. To my unpleasant surprise, I discovered that the preview of my logo displayed…
Georgia Supreme Court resuscitates patient lawsuit against Athens Orthopedic Clinic
The Georgia Supreme Court has breathed new life into a lawsuit by patients of Athens Orthopedic Clinic (AOC) whose data were stolen by thedarkoverlord in 2016. In a decision issued this week, the judges unanimously reversed the Court of Appeals’ dismissal of the lawsuit, vacated other parts of their ruling, and remanded the case. At…
Sherwood telemarketing company temporarily shuts down, blames cyber attack ransom
Shelby Rose reports on a ransomware incident in Arkansas: A Sherwood telemarketing agency has unexpectedly closed its doors, leaving over 300 employees without jobs a few days before Christmas. In a letter to employees, CEO of The Heritage Company, Sandra Franecke, said their servers were attacked by hackers, who demanded a ransom, which they paid…
Chinese hacker group caught bypassing 2FA
Catalin Cimpanu reports: Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks. The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate at the behest of the Beijing government, Dutch cyber-security firm…