In 2014, Nuance Communications discovered that anyone could access protected health information on one of its platforms. After the situation persisted for years, a former employee decided to submit a whistleblower complaint to HHS. For his efforts, he spent more than one year fending off threatened federal hacking charges, even though no hacking was involved….
Category: Of Note
EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web
Seen on Resecurity’s blog: a reminder that our current defenses fall rapidly as nimble criminals find a work-around and that some developments enable second-tier or less sophisticated attackers to punch above their weight: Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate…
Medical billing service in Florida one of the latest victims of ransomware attacks
Add NCG Medical to business associates who a ransomware attack has compromised. The medical billing service in Florida was added to the Hive ransomware group’s leak site on August 31, with Hive claiming that they encrypted NCG’s files on August 19. The 12-day gap between encryption and publicly revealing the attack is a relatively short…
Norwegian parliament fined
From the Norwegian Data Protection Authority: The Norwegian parliament – the Storting – had a data breach in late 2020. In January, the Data Protection Authority gave notice of a NOK 2 million fine for inadequate security. We have now considered the Storting’s comments and decided to maintain the fine. Norwegian parliament fined “Our conclusion…
LabMD gets another shot at defamation claim against ‘extortionate’ infosec biz
Jessica Lyons Hardcastle reports: LabMD, the embattled and now defunct cancer-testing company, will get another chance at suing security firm Tiversa for defamation following an appeals court ruling. The testing laboratory has long alleged that: Tiversa illegally obtained a 1,178-page computer file containing confidential data on more than 9,000 LabMD patients back in 2008; lied…
HC3 Threat Profile: Evil Corp
The following is not a paragraph from a story about fictional cybercriminals called Evil Corp. The following paragraph is from a white paper released this week by the U.S. Department of Health & Human Services because there is a criminal enterprise known as Evil Corp that poses a serious threat to the healthcare sector. Typographical…