Maydeen Merino reports: The Federal Trade Commission this week defended its investigation of MGM Resort International’s data security practices as the Las Vegas-based casino is seeking a court order to block the agency’s probe. Following a cyberattack that disclosed the personal information MGM guests in September, the FTC issued a civil investigative demand (CID) in…
Category: Of Note
If the insider threat is at your vendor, could you discover it quickly?
Here’s today’s reminder of the insider threat. We start with a notice from Geisinger about a security incident involving Nuance Communications: Nuance Communications Inc., an outside vendor that provides information technology services for Geisinger, is notifying Geisinger patients that some personal information may have been accessed by a former Nuance employee. On Nov. 29, 2023,…
SEC Charges R.R. Donnelley for Ransomware Attack Response
Hunton Andrews Kurth writes: On June 18, 2024, the U.S. Securities and Exchange Commission (“SEC”) announced a settlement with R.R. Donnelley & Sons Co. (“RRD”), a global provider of business communication and marketing services, for violating the internal controls and disclosure controls provisions of federal securities laws in relation to Donnelley’s response to a 2021 ransomware attack….
Red Tape Is Making Hospital Ransomware Attacks Worse
Matt Burgess reports: Crippling ransomware attacks against hospitals and health care providers are on the rise. These ruthless cyberattacks can take medical systems offline for weeks—canceling appointments and surgeries and causing harm to patients. Doctors and nurses are plunged into crisis situations where they resort to using pen and paper, while IT staff work to make…
Patients at Ascension hospital network given dangerous doses of narcotics after disastrous cyberattack
Alexa Lardieri reports: A cyberattack on a major American hospital system has caused dangerous medication mix ups including patients administered narcotics by mistake, leading to an admission to intensive care for life-threatening breathing difficulties. In another case, a female patient suffered a cardiac arrest and died after data mishaps delayed test results that would determine her…
Doctor charged for unauthorized access to personal information of pediatric patients at Texas Children’s Hospital
Is the following case an example of insider threat or it is a whistleblower situation — or both? The U.S. Attorney’s Office of Southern Texas issued the following press release on June 17: A Houston doctor has been indicted for obtaining protected individual health information for patients that were not under his care and without…