Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Montefiore Medical Center, a non-profit hospital system based in New York City, for several potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. OCR is responsible for administering and enforcing health information…
Category: Of Note
EU and United States enhance cooperation on cybersecurity
The EU and the United States took an important step to further strengthen their mutual cyber resilience and foster a secure global cyberspace. During his visit to Washington D.C., Thierry Breton, Commissioner for Internal Market, issued a joint statement with Alejandro N. Mayorkas, United States Secretary of Homeland Security, recalling the importance of cooperation between like-minded partners to address…
Cloudflare hacked using auth tokens stolen in Okta attack
Sergiu Gatlan reports: Cloudflare disclosed today that its internal Atlassian server was breached by a suspected ‘nation state attacker’ who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. The threat actor first gained access to Cloudflare’s self-hosted Atlassian server on November 14 and then accessed the company’s Confluence and Jira…
Ex-CIA software engineer sentenced to 40 years for giving secrets to WikiLeaks
The Guardian reports: A former Central Intelligence Agency (CIA) software engineer who was convicted for carrying out the largest theft of classified information in the agency’s history and of charges related to child abuse imagery was sentenced to 40 years in prison on Thursday. The 40-year sentence by US district judge Jesse Furman was for…
FTC Order Will Require Blackbaud to Delete Unnecessary Data, Boost Safeguards to Settle Charges its Lax Security Practices Led to Data Breach
FTC says company’s poor security allowed hacker to steal sensitive data of millions of consumers, go undetected for months
South Carolina-based Blackbaud Inc. will be required to delete personal data that it doesn’t need to retain as part of a settlement with the Federal Trade Commission over charges that the company’s lax security allowed a…
Biden Will Veto Efforts to Spike SEC Breach Disclosure Rule
Jeffrey Burt reports: President Biden is warning Congressional Republicans that he will veto any attempts to overturn the Securities and Exchange Commission’s (SEC) new requirement for public companies disclosing cybersecurity incidents. In a brief policy statement this week, the White House said public companies not reporting cyberattacks that disrupt their operations not only harms investors who should…