From the what-could-possibly-go-wrong dept., Jose Pagliery and Ryan Browne report: The US military is taking a more aggressive stance against foreign government hackers who are targeting the US and is being granted more authority to launch preventative cyberstrikes, according to a summary of the Department of Defense’s new Cyber Strategy. The Pentagon is referring to…
Category: Commentaries and Analyses
Click2Gov Update: ICYMI Here’s The Latest
RBS is doing a great job of tracking the Click2Gov breaches. In their most recent update, they report: It’s been three months since our original post was published and as feared, breaches of the Click2Gov system continue to be reported. Here is what we’ve learned: Attackers are exploiting an unpatched vulnerability in Oracle’s WebLogic. Early…
Ransomware attacks against hospitals: A timeline
Seth Rosenblatt and Pinguino Kolb report: Ransomware attacks are serious business for hackers―and often completely avoidable. Hospitals and health care systems, now in the business of collecting patient data as a side effect of treating physical maladies, struggle to keep that information secure. While there’s no ransomware-specific cost estimate to the health care business, Verizon’s…
Commentary: What Constitutes Negligence in Company Data Breaches?
Amy L. Hanna Keeney of Adams and Reese writes about an opinion in a court case that stemmed from one of TheDarkOverlord’s hacks: their attack on Athens Orthopedic Clinic (AOC). I had covered that breach extensively, including commenting on the fact that AOC did not offer any free services to patients whose data had not…
DealerBuilt Settles with New Jersey AG Over Data Breach
Hunton Andrews Kurth reports: On September 7, 2018, the New Jersey Attorney General announced a settlement with data management software developer Lightyear Dealer Technologies, LLC, doing business as DealerBuilt, resolving an investigation by the state Division of Consumer Affairs into a data breach that exposed the personal information of car dealership customers in New Jersey…
In a Data-Breach Lawsuit, Can Plaintiffs Use a Company’s Data Breach Notice to Establish Standing?
Alex M. Pearce of Ellis & Winters LLP writes: ….. When a business suffers a data breach, state laws require the business to send a notice to affected individuals. Those laws typically prescribe the contents of the required notice—sometimes in detail. North Carolina’s data breach notification statute, for instance, requires the notice to include “[a]dvice…