Summary from the OIG: Objective The objective of this audit was to determine whether the DoD effectively controlled access to health information of well-known DoD personnel. Background The DoD maintains millions of electronic health records on its DoD beneficiaries, [REDACTED] DoD personnel who are granted access to health information to perform their official duties…
Category: Of Note
SEC fines three companies over hacked employee email accounts
Catalin Cimpanu reports: The US Securities and Exchange Commission has fined three brokerage firms on Monday for neglecting to secure employee accounts, incidents that led to the exposure of their customers’ data. Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC, and Cetera Investment Advisers LLC (collectively, the Cetera entities); Cambridge…
Industry lobbies Congress to extend notification timeline after cybersecurity incidents
Maggie Miller reports: Key industry groups on Wednesday pushed to give organizations at least three days to report cybersecurity incidents to the federal government, effectively opposing Senate legislation that would give them 24 hours to report breaches. Read more on The Hill.
VaxiCode flaw: Quebec refused to give immunity to the whistleblower
Thomas Gerbet reports (machine translation follows): Contrary to what the Minister of Digital Transformation, Eric Caire, said, the Quebec government has never offered immunity to the computer scientist who discovered the security flaw in the VaxiCode health passport application. Exchanges of emails obtained by Radio-Canada reveal the underside of this affair and show that the…
New York State Comptroller DiNapoli Releases More School District Audits
Comptroller DiNapoli released more school district audits this week. As this site has done in the past, we are listing the ones that deal with information technology. The summaries are below; the links take you to the fuller reports, but as as always: (1) the results are not good (to put it as diplomatically as…
Ragnarok ransomware releases master decryptor after shutdown
Ionut Ilascu reports: Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware. The threat actor did not leave a note explaining the move and all of a sudden replaced all the victims on their leak site with a short instruction on how…