From HHS, an update on the Medical Informatics Engineering breach of 2015 that resulted in a multi-state lawsuit (the first of its kind) in December, 2018: Medical Informatics Engineering, Inc. (MIE) has paid $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, and has agreed take corrective…
Category: Of Note
Lower fines for firms that admit role in data breach
Hariz Baharudin reports: Organisations that admit their role in a data breach and plead guilty to it may get a lower financial penalty from the privacy watchdog if the cause is a common breach. Common breaches include URL manipulation, poor password management or printing errors resulting in incorrect recipients. The Personal Data Protection Commission (PDPC)…
Georgia Supreme Court Clarifies There Is No Duty to Safeguard Personal Information from a Data Breach
Gavin Reinke of Alston & Bird writes: The Georgia Supreme Court recently issued a decision holding that there is no duty to safeguard personal information from a data breach under Georgia law. Georgia Department of Labor v. McConnell involved the accidental disclosure of a spreadsheet that contained the name, social security number, home telephone number,…
Two more Microsoft zero-days uploaded on GitHub
Catalin Cimpanu reports: A security researcher going online by the pseudonym of SandboxEscaper has published today demo exploit code for two more Microsoft zero-days after releasing a similar fully-working exploit the day before. These two mark the sixth and seventh zero-days impacting Microsoft products this security researcher has published in the past ten months, with…
Equifax just became the first company to have its outlook downgraded for a cyber attack
Kate Fazzini reports: Moody’s has just slashed its rating outlook on Equifax, the first time cybersecurity issues have been cited as the reason for a downgrade. Moody’s lowered Equifax’s outlook from stable to negative on Wednesday, as the credit monitoring company continues to suffer from the massive 2017 breach of consumer data. “We are treating…
WannaCry? Hundreds of US schools still haven’t patched servers
Sean Gallagher reports: … cities aren’t the only highly vulnerable targets to be found by would-be attackers. There are hundreds of thousands of Internet-connected Windows systems in the United States that still appear to be vulnerable to an exploit of Microsoft Windows’ Server Message Block version 1 (SMB v. 1) file sharing protocol, despite repeated…