There were a number of year-in-review analyses for the healthcare sector, but now Protenus has released its report, which is based on analyses of 450 U.S. incidents first disclosed in 2016. The incidents were compiled by DataBreaches.net, who also provided some of the analyses. While some media outlets still headline external hacks where massive numbers of records…
Category: Of Note
Need help because your MongoDB installation was hit by ransomware?
For the past week, this site has been providing updates on previous coverage about a wave of ransomware attacks hitting misconfigured MongoDB installations. New instances continue to be detected by researchers on a daily basis. The attacks have shown no geographic or sector boundaries – any MongoDB installation indexed by Shodan.io that had or has…
Hacker Steals 900 GB of Cellebrite Data
Joseph Cox reports: The hackers have been hacked. Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite’s products. The breach is the latest chapter in a growing…
“….and in no case later than 60 calendar days after discovery of a breach”
I’ve been encouraging (ok, nagging) HIPAA lawyer Jeff Drummond of Jackson Walker to write a post explaining what the 60-day notification provision really means in HIPAA, as I’ve always had a lot of questions about it, such as: Does the 60-day clock start when the covered entity (CE) first discovers that they might have a…
HHS OCR: Henrico Sen. Dunnavant’s political letter to patients broke health privacy rules, but no sanctions needed
There’s a follow-up to an HHS OCR investigation that I had noted back in October, 2015. And since we don’t see many OCR investigations reported like this one, it’s worth noting. Politicians who are also HIPAA-covered entities, in particular, may wish to take note. Graham Moomaw reports: State Sen. Siobhan S. Dunnavant, a Henrico County…
The MongoDB attacks: 93 terabytes of data wiped out
The other night on Twitter, after I and others communicated concern as the number of attacks on misconfigured MongoDB installations rose to 27,000 in a relatively short period, @Cyber_War_News and I had a respectful disagreement about the seriousness of the situation: still shocked that yall shocked and fussing about the mongodb ransom spike. — CWN (@Cyber_War_News) January…