Matt Fisher writes: The early days of February 2023 saw two very different settlements announced related to healthcare data breaches. One arguably follows a well-known course and the other could be a sign of things to come. After having a health breach notification rule on the books since 2009, the Federal Trade Commission (“FTC”) had…
Category: Commentaries and Analyses
The FBI tried in vain: The Russian case against REvil turned out to be insignificant
The following is a machine translation of an article on Kommersant.ru: The FBI tried in vain As it became known to “Kommersant”, the investigative department of the Ministry of Internal Affairs of the Russian Federation completed the investigation of the criminal case of the so-called international group of hackers REvil, information about which was provided…
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide; more than 500 systems affected already
Sergiu Gatlan reports: Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. Tracked as CVE-2021-21974, the security flaw is caused by a heap overflow issue in the OpenSLP service that can be exploited by unauthenticated…
HHS OCR Settles HIPAA Investigation with Banner Health Following 2016 Hacking Incident
The following is a press release from HHS. It is an update to a 2016 hacking incident previously covered on this site. The incident also resulted in a class action lawsuit that was settled for $6 million in 2019. February 02, 2023 Today, the U.S. Department of Health and Human Services’ Office for Civil Rights…
North Korean hackers stole research data in two-month-long breach
Bill Toulas reports: A new cyber espionage campaign dubbed ‘No Pineapple!’ has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction. The campaign lasted between August and November 2022, targeting organizations in medical research, healthcare, chemical engineering, energy,…
Members of Congress Call for IRS to Investigate Tax Companies Sharing Data with Facebook
Members of Congress Call for IRS to Investigate Tax Companies Sharing Data with Facebook The Markup revealed the companies’ practices last year By: Colin Lecher and Simon Fondrie-Teitler Three congressional Democrats are demanding that the Internal Revenue Service investigate tax preparation companies for sharing sensitive taxpayer data with Facebook after The Markup revealed the practice…