Tim Johnson reports: The digital operations team at the Democratic National Committee hit some dark days after Russian hackers mauled their networks in 2016, hijacking dozens of computers and pilfering tens of thousands of emails to hand over to WikiLeaks and onto the internet. Remnants of that digital bruising linger. “I feel like everyone’s still…
Category: Commentaries and Analyses
MedCall Advisors suffers second data leak in less than one month
A few weeks ago, DataBreaches.net reported on a leaky Amazon S3 bucket owned by MedCall Advisors in North Carolina. The leak, which exposed approximately 3,000 patients’ protected health information, was discovered by UpGuard, who published a number of redacted screenshots to document the leak. Their detailed report also noted how Randy Baker, the CEO of MedCall…
An OCR investigation illustrates the value of investigating small and medium-sized entities
One of the common themes in discussing security is that many organizations are not “mature” yet. And of course, as HIPAA recognizes in its security rule, smaller practices should not be expected to do everything you might expect a larger hospital system to do. But even small or medium-sized entities need to comply with the core…
St. Petersburg timeline on Click2Gov raises questions as to whether the vendor was proactive or not
I have commented on the Click2Gov breach a few times — mostly wondering aloud why so many customers do not seem to have been made aware that they needed to update immediately, etc. Both RBS and FireEye have both discussed the Click2Gov incident in more depth. But now look at this disclosure from St….
You Can’t Understand Cyberattacks Without Understanding Chinese Spies
Bowen Xiao and Joshua Philipp report: In 2014, five Chinese military hackers were indicted for offenses that included computer hacking and economic espionage. The hackers targeted Americans in various industries, such as nuclear and solar, and marked the first time criminal charges were brought against Chinese military hackers for cyberattacks. They were never taken to trial. The individuals were…
UK: Bupa Insurance Services fined £175,000 for systemic data protection failures
From the U.K. Information Commissioner’s Office: Bupa Insurance Services Limited (Bupa) has been fined £175,000 by the Information Commissioner’s Office (ICO) for failing to have effective security measures in place to protect customers’ personal information. Between 6 January and 11 March 2017, a Bupa employee was able to extract the personal information of 547,000 Bupa…