Of Note – Page 101 – DataBreaches.Net

Jelly Bean Communications Design and its Manager Settle False Claims Act Liability for Cybersecurity Failures on Florida Medicaid Enrollment Website

Posted on March 14, 2023 by Dissent

There’s an update to the Florida Healthy Kids breach that was due to their vendor, Jelly Bean Communications, not patching vulnerabilities for seven years. The incident was reported to HHS in January 2021 as impacting 3.5 million patients. Today, the U.S. Department of Justice announced: Jelly Bean Communications Design LLC (Jelly Bean) and Jeremy Spinks…

No need to hack when it’s leaking, DC Health Link edition

Posted on March 14, 2023September 26, 2024 by Dissent

On March 12, DataBreaches reported on the Health Benefit Exchange Authority data that was first leaked by a forum user known as “IntelBroker” and then by “Denfur.” The DC Health Link incident attracted a lot of media attention because it involved members of Congress, their staff, and their families. As StateScoop reported today, DC Health…

Ransomware Vulnerability Warning Pilot (RVWP)

Posted on March 13, 2023 by Dissent

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which President Biden signed into law in March 2022, required CISA to establish the RVWP (see Section 105 [6 U.S.C. 652]). ALERT CISA Announces Ransomware Vulnerability Warning Pilot Release Date March 13, 2023 Today, CISA is announcing the creation of the Ransomware Vulnerability Warning…

Data Exfiltration Trends in Healthcare

Posted on March 11, 2023 by Dissent

From the Office of Information Security / HHS and the Health Sector Cybersecurity Coordination Center: Data Exfiltration Trends in Healthcare March 9, 2023

SEC Charges Software Company Blackbaud Inc. for Misleading Disclosures About Ransomware Attack That Impacted Charitable Donors

Posted on March 10, 2023 by Dissent

Washington D.C., March 9, 2023 — The Securities and Exchange Commission today announced that Blackbaud Inc., a South Carolina-based public company that provides donor data management software to non-profit organizations, agreed to pay $3 million to settle charges for making misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 customers. The SEC’s…

EPA Requires States to Address the Cybersecurity of Public Water Systems

Posted on March 10, 2023 by Dissent

Ashden Fein, Micaela McMurrough, Caleb Skeath, and Matthew Harden of Covington & Burling write: On March 3, 2023, the United States Environmental Protection Agency (“EPA”) published a memorandum requiring states to evaluate the cybersecurity of operational technology used by public water systems (“PWSs”) “when conducting PWS sanitary surveys or through other state programs.” EPA’s memorandum “interprets the…