Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced an $80,000 settlement with Elgon Information Systems (Elgon), a Massachusetts company that provides electronic medical record and billing support services to covered entities, under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. OCR enforces the HIPAA Privacy,…
Category: Of Note
India’s Digital Data Protection Framework: Safety, Trust and Resilience
Samaya Dharmaraj reports: In an era where digital transformation shapes every aspect of governance, business, and daily life, safeguarding citizens’ personal data has become a top priority for India. Recognising the critical need for a secure andaccountable digital ecosystem, the government has taken significant steps to establish a robust framework for data protection and cyber resilience. At…
No need to hack when it’s leaking: Roomster edition (1)
There are leaks and then there are leaks. Hundreds of thousands of people who shared houses via Roomster might want to say a mental “Thank you” to the researcher known as @JayeLTee, who discovered a long-standing data leak and took steps to get it secured. As JayeLTee relates, he first spotted the misconfigured server in…
Westend Dental agrees to pay Indiana $350K and to implement corrective action plan to settle charges of multiple HIPAA violations
TechCrunch recently did its annual write-up of badly handled data security incidents. The following wasn’t in it but is one of the worst security and privacy failures that I’ve ever read, and that’s saying a lot. This case stems from a ransomware attack by Medusa Locker in October 2020 that is first being seriously addressed…
U.S. Army Soldier Arrested in AT&T, Verizon Extortions
Brian Krebs reports: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea….
Chinese hackers breached Treasury Department workstations, documents in ‘major cybersecurity incident’
Ryan Knappenberger reports: The U.S. Department of the Treasury said on Monday that Chinese-backed hackers had breached its workstations and gained access to unclassified documents earlier this month in what it described as a “major cybersecurity incident.” The announcement comes just over a month after the Senate Intelligence Committee revealed recent Chinese hacks into the…