The following is not your typical breach notification. It relates to a situation in which a business associate allegedly refuses to return the patient database despite its EULA and HIPAA obligation. The press release does not indicate whether the covered entity, Key Dental Group, is suing its former vendor to recover the database. Nor does…
Category: Of Note
Hacker lifts $1 million in cryptocurrency using San Francisco man’s phone number, prosecutors say
Kate Rooney reports: Losing cellphone service is inconvenient. But in some cases, it also might mean you’re getting hacked. San Francisco resident Robert Ross, a father of two, noticed his phone suddenly lose its signal on Oct. 26. Confused, he went to a nearby Apple store and later contacted his service provider, AT&T. But he…
True Identity of Notorious Hacker tessa88 Revealed – Recorded Future
From Insikt Group: New findings strongly suggest that the individual behind tessa88 may be Maksim Donakov of Penza, Russia, who operated under multiple different monikers on the dark web. It is possible that a second unknown individual was assisting Donakov in maintaining the tessa88 account, adhering to impeccable OPSEC procedures and until this day remaining…
NYSED Security Over Critical Information Systems (Follow-Up Audit by NYS Comptroller)
From the Office of the New York State Comptroller, this follow-up report on the New York State Education Department shows ongoing concerns that have not been addressed at all or only addressed partially: Issued: November 13, 2018 Link to full audit report 2018-F-17 Purpose To determine the extent of implementation of the two recommendations included…
New York Oncology Hematology notifying more than 128,400 employees and patients after phishing attack
Albany-based New York Oncology Hematology is notifying more than 128,400 employees and patients after discovering that 14 employees fell prey to phishing attacks in April. Although forensic invesgtigation did not find any clear evidence that attackers accessed employee or patient data in the employees’ email accounts, NYOH decided to notify everyone. As part of their web…
Russian APT comes back to life with new US spear-phishing campaign
Catalin Cimpanu reports: A Russian state-sponsored cyber-espionage group has come back to life after a one-year period of inactivity with a relative large spear-phishing campaign that has targeted both the US government and private sector. The hacking group is known in infosec circles as Cozy Bear, APT29, The Dukes, or PowerDuke, and is infamous because…