The following is a press release from HHS. It is an update to a 2016 hacking incident previously covered on this site. The incident also resulted in a class action lawsuit that was settled for $6 million in 2019. February 02, 2023 Today, the U.S. Department of Health and Human Services’ Office for Civil Rights…
Category: Of Note
British Columbia: Mandatory breach reporting and privacy management program requirements now in effect for public bodies
February 1, 2023 Public bodies are now required to develop privacy management programs and report privacy breaches that could be expected to result in serious harm. The new requirements, which were among amendments to the Freedom of Information and Protection of Privacy Act (FIPPA) enacted in November 2021, came into force today. They apply to…
North Korean hackers stole research data in two-month-long breach
Bill Toulas reports: A new cyber espionage campaign dubbed ‘No Pineapple!’ has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction. The campaign lasted between August and November 2022, targeting organizations in medical research, healthcare, chemical engineering, energy,…
Former Employee Ubiquiti Networks Pleads Guilty To Stealing Confidential Data And Extorting Company For Ransom
There’s an update to a previously reported case involving a former employee of Ubiquiti Networks, although as is their policy, the DOJ does not name the victim firm: Damian Williams, the United States Attorney for the Southern District of New York, announced that NICKOLAS SHARP pled guilty today in Manhattan federal court to multiple federal…
Auction Company Offers to Sell Unscrubbed Computers Back to San Benito Schools
Fernando Del Valle reports: A San Benito school district online auction sold thousands of computers and tablets, some of which contained employees’ and students’ personal data, a computer store owner said Wednesday. South Texas Auction Co.’s records show the district sold more than 2,000 computers and 1,500 tablets during a July 23 online auction, David…
FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising
The Federal Trade Commission has taken enforcement action for the first time under its Health Breach Notification Rule against the telehealth and prescription drug discount provider GoodRx Holdings Inc., for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google, and other companies. In a first-of-its-kind proposed…