Danny Mok reports: Hackers have broken into a government system used by most of Hong Kong’s schools, raising fears for the personal data of pupils, parents and staff. Eight schools operating a web-based administrative network that stores highly sensitive information were breached, with three of them reporting data leaks, the Education Bureau said on Friday…
Category: Of Note
NYC Health & Hospitals Corp. investigating alleged employee wrongdoing
NYC Health & Hospitals Corp. posted a notice this week (reproduced below) that suggests that a rogue employee may have been selling PHI to law firms or clinics that specialize in motor vehicle accident patients. Of note, this notice does not specify any one hospital where the employee worked. Did the employee have access to…
Ransomware attack hits major US data center provider
Catalin Cimpanu reports: CyrusOne, one of the biggest data center providers in the US, has suffered a ransomware attack, ZDNet has learned. CyrusOne is currently working with law enforcement and forensics firms to investigate the attack and is also helping customers restore lost data from backups. Read more on ZDNet.
Merck cyberattack’s $1.3 billion question: Was it an act of war?
Riley Griffin of Bloomberg reports: By the time Deb Dellapena arrived for work at Merck & Co.’s 90-acre campus north of Philadelphia, there was a handwritten sign on the door: The computers are down. It was worse than it seemed. Some employees who were already at their desks at Merck offices across the U.S. were…
Facebook must face data breach class action on security, but not damages: judge
Jonathan Stempel reports: A federal judge said up to 29 million Facebook Inc (FB.O) users whose personal information was stolen in a September 2018 data breach cannot sue as a group for damages, but can seek better security at the social media company after a series of privacy lapses. Read more on Reuters.
OCR Secures $2.175 Million HIPAA Settlement after Sentara Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information
OCR has announced another settlement. This one involves Sentara Hospitals, and it’s a somewhat surprising one in the sense that Sentara not only seems to have gotten the fundamentals of HIPAA and notification compliance wrong, but then they seem to have insisted in their wrongheaded ways even after HHS told them what their obligations were. …