Earlier today, Robert A. Purbeck of Idaho, aka “Lifelock” and “Studmaster,” pleaded guilty in an Atlanta federal courtroom to two counts of an 11-count indictment filed against him in 2021. The two counts charged violation of Title 18, United States Code/ Sections 1030(a)(2)(C)/ 1030(c)(2)(B)(i) and 1030(c)(2)(B)(iii) and Section 2, more commonly known as the Computer…
Category: Of Note
The 2024 Breach Barometer reports a staggering 171 million patient records breached. And that’s just the ones we know about.
Each year, many news sites add up the number of reports on HHS’s public breach tool and then add up the number of records reported for those incidents. For 2023, that came to 725 reports and about 135 million records. Those numbers are disturbing, but not as disturbing as the numbers out today by Protenus….
Florida Legislature Passes Data Breach Immunity Legislation
Josh Hansen and Alfred Saikali of Shook, Hardy & Bacon write: The Florida legislature passed a bill that provides immunity to companies that suffer a data breach. The immunity is conditioned on the company: (1) complying with the notice requirements of Florida’s data breach notification law, and (2) maintaining a cybersecurity program that tracks certain…
Banning Ransom Payments: Calls Grow to ‘Figure Out’ Approach
Mathew J. Schwartz reports: How might banning ransomware victims from paying a ransom to their attacker work in practice? As ransomware groups are causing massive damage and disruption and showing no signs of stopping, Ciaran Martin, the former head of Britain’s National Cyber Security Center, said “it’s time to figure out how to make a ransomware payments…
HHS Statement Regarding the Cyberattack on Change Healthcare
March 5. The U.S. Department of Health and Human Services (HHS) is aware that Change Healthcare – a unit of UnitedHealth Group (UHG) – was impacted by a cybersecurity incident in late February. HHS recognizes the impact this attack has had on health care operations across the country. HHS’ first priority is to help coordinate…
Three recent breach disclosures remind us how seldom timely breach notification is enforced under HITECH
Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A breach involving the Washington state radiology service was added to Karakurt’s leak site in November 2023 with a listing claiming — without proof — that they had acquired 9.31 GB of files with financial…