March 5. The U.S. Department of Health and Human Services (HHS) is aware that Change Healthcare – a unit of UnitedHealth Group (UHG) – was impacted by a cybersecurity incident in late February. HHS recognizes the impact this attack has had on health care operations across the country. HHS’ first priority is to help coordinate…
Category: Of Note
Three recent breach disclosures remind us how seldom timely breach notification is enforced under HITECH
Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A breach involving the Washington state radiology service was added to Karakurt’s leak site in November 2023 with a listing claiming — without proof — that they had acquired 9.31 GB of files with financial…
Vastaamo victims’ lawyer: Some took their own lives after patient record leak
YLE News, STT report: Some patients from the Vastaamo psychotherapy centre had died by suicide after their patient records were stolen and used in extorition attempts, according to a lawyer representing victims. Legal arguments in the trial of Aleksanteri Kivimäki, who is accused of stealing the data and extorting victims, are scheduled to conclude next week….
Message to the Congress on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern
TO THE CONGRESS OF THE UNITED STATES: Pursuant to the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code, I hereby report that I have issued an Executive Order that expands the scope of the national emergency…
Fulton County, Security Experts Call LockBit’s Bluff
Brian Krebs reports: The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming the county had paid. But county officials said they did not pay, nor…
CISA Alert CodeAA23-353A: ALPHV BlackCat
February 27, 2024: SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware….