Catalin Cimpanu reports: Malware samples used in the recent attacks against several Polish banks contained planted evidence that attempted to blame the attacks on Russian-speaking hackers. These false flags, as the (IT and real-world) security community refers to these planted clues, were discovered by Sergei Shevchenko, a Russian-speaking security expert for BAE Systems. In a report published this morning,…
Category: Commentaries and Analyses
The CoPilot Provider Support Services incident: The HIPAA issue
In the first part of a discussion of an incident reported by CoPilot Provider Support Services, this site reported claims by John Witkowski, a former employee, that CoPilot had not reported accurately on the incident. In this part, we focus on just one of CoPilot’s claims – that they are not a business associate under HIPAA….
OCR investigating CoPilot Provider Support Services breach; former employee lodged complaint
When CoPilot Provider Support Services recently disclosed a security incident that they had known about since 2015, their statements might have led you to believe that a disgruntled former employee had hacked them or misused previously authorized access, and that law enforcement might be looking into criminal charges. If you thought that, you were wrong on both counts. CoPilot Provider Support Services (“CoPilot”) describes itself…
Are Courts the Next Frontier in Fight Against State Hacking?
Ben Hancock discusses another strategy for responding to state hacking: trying to sue them under the CFAA, although state claims would also be needed: “It is important to consider other, complementary options,” added Hinnen, who previously dealt with national security issues as a senior lawyer at the Justice Department. “One option worth consideration is enabling…
Vermont Restaurant Settles Charges by Attorney General’s Office Over Credit Card Fraud
Caroline Strange reports that the Grand Buffet restaurant in Essex Junction, Vermont, has settled charges brought by the VT Attorney General’s Office following an investigation into credit card fraud that affected the restaurant’s customers. If that sounds a bit atypical to you (it did to me), it turns out that the restaurant had known there was…
Horizon Blue Cross Blue Shield Pays $1.1M For Customer Data Breach
Jerry DeMarco reports: Horizon Blue Cross Blue Shield of New Jersey agreed to pay $1.1 million and improve data-security practices to settle charges that it failed to properly protect the privacy of nearly 690,000 state policyholders whose personal information was contained on two laptops stolen from the insurer’s Newark headquarters. The insurance giant — New…