Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a serious vulnerability in the popular Java logging package, Log4j (CVE-2021-44228), was disclosed, posing a severe risk to millions of consumer products to enterprise software and web applications. This vulnerability is…
Category: Of Note
Fired University of Utah researcher exposes breaches in student data
Chris Jones and Nadia Pflaum of KUTV report: Dr. Judith Zimmerman knew she was fired for doing the right thing. She was the lead investigator on a research project on autism in children, which she spearheaded at the Utah Department of Health. She brought that project, and a very sensitive database of data, to the…
Morgan Stanley to pay $60 million to resolve data security lawsuit
Jonathan Stempel reports: Morgan Stanley agreed to pay $60 million to settle a lawsuit by customers who said the Wall Street bank exposed their personal data when it twice failed to properly retire some of its older information technology. A preliminary settlement of the proposed class action on behalf of about 15 million customers was…
VPN Solutions LLC suffered a ransomware attack two months ago. Some clients still can’t access patient data hosted on the service.
It appears that a ransomware incident involving VPN Solutions LLC may have affected a number of covered entities, although so far, DataBreaches.net has only identified two confirmed cases: Surgery Group SC On December 17, Surgery Group SC in Illinois notified HHS about an incident impacting 500 patients. DataBreaches.net interprets that 500 number as a marker…
Ransomware gang coughs up decryptor after realizing they hit the police
Lawrence Abrams reports: The AvosLocker ransomware operation provided a free decryptor after learning they encrypted a US government agency. Last month, a US police department was breached by AvosLocker, who encrypted devices and stole data during the attack. However, according to a screenshot shared by security researcher pancak3, after learning that the victim was a government…
HIPAA Enforcement by State Attorneys General
HIPAAJournal has a nice piece on HIPAA enforcement action over the years by state attorneys general. You can access it here.