BBC reports: The Russian military was directly behind a “malicious” cyber-attack on Ukraine that spread globally last year, the US and Britain have said. The White House said June’s NotPetya ransomware attack caused billions of dollars in damage across Europe, Asia, and the Americas. UK Defence Secretary Gavin Williamson said Russia was “ripping up the…
Category: Commentaries and Analyses
Hack the Air Force 2.0 uncovers over 100 vulnerabilities
Charlie Osborne reports: The second Hack the Air Force bug bounty challenge, Hack the Air Force 2.0, has resulted in 106 vulnerabilities being reported and fixed. On Thursday, bug bounty platform HackerOne revealed that the 20-day competition to find vulnerabilities in federal systems resulted in $103,883 in payouts, bringing the total amount of financial rewards…
Consequences for HIPAA violations don’t stop when a business closes
There’s a new settlement announcement from HHS OCR that makes clear that even if an entity closes its doors, any HIPAA enforcement action continues: A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 out of the receivership estate to the U.S. Department of Health and Human Services (HHS) Office…
UK: ICO releases Q3 data security incident trends
The Information Commissioner’s Office has released Q3 statistics on data protection incidents reported to their office. Not surprisingly, reports were up. Some of their key statistics: Central government sector reports rose by 178% from Q2 (from 9 to 25). Incidents involving a failure to redact data increased from 1 to 11. Education sector incidents rose by…
Education Department Toughens Tone on Cyber and Threatens to Pull Funding for Non-Compliance
Sara A. Arrow and Craig A. Newman: Recently issued guidance from the U.S. Department of Education (ED) threatens to “yank” Title IV funding for post-secondary institutions lacking appropriate data security safeguards. The guidance comes as the risk of educational data breaches has intensified, as we have previously reported. The stakes are even higher now that ED…
RoxSan Pharmacy Notifies Patients of Breach That Occurred in 2015
There are a number of unanswered questions about an incident disclosed by RoxSan Pharmacy today. See what you think, starting with their press release of today: As part of its commitment to patient privacy, RoxSan Pharmacy (“RoxSan”) notified 1,049 patients of a potential breach of unsecured personal patient protected health information. RoxSan is notifying affected…