HIPAA Journal reminds us all that states can require notification to the state of breaches that are also covered by HIPAA and can take enforcement action if they are not reported: Recently, there have been several instances where the California DOJ has not been notified about ransomware attacks on California healthcare facilities, even though the…
Category: Of Note
Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents
Brian Krebs reports: In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for developing a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings….
Alibaba Cloud data leak ‘violated Cybersecurity Law’ in 2019 and must rectify, local Chinese telecoms regulator says
Coco Feng reports: The telecoms authority of China’s eastern Zhejiang province has told the cloud computing unit of Alibaba Group Holding that it violated the country’s Cybersecurity Law and should make rectifications following a complaint about a 2019 information leak. In a letter dated July 5, the Zhejiang Communications Administration (ZCA) said it found Alibaba Cloud “disclosed…
Hackers Release Data Trove From Belarus in Bid to Overthrow Lukashenko Regime
Ryan Gallagher reports: Opponents of the Belarus government said they have pulled off an audacious hack that has compromised dozens of police and interior ministry databases as part of a broad effort to overthrow President Alexander Lukashenko’s regime. The Belarusian Cyber Partisans, as the hackers call themselves, have in recent weeks released portions of a huge data trove…
Internal emails raise questions about government’s investigation into Walgreens privacy breach
I am so glad to see a follow-up on this case because I had the same questions about how and why Walgreens did not suffer the same federal penalties as CVS and Rite Aid for the same infringement of HIPAA. My original coverage of this breach is no longer online as the former version of…
By Design: How Default Permissions on Microsoft Power Apps Exposed Millions
The UpGuard Team writes: The UpGuard Research team can now disclose multiple data leaks resulting from Microsoft Power Apps portals configured to allow public access – a new vector of data exposure. The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee…