Three Syrian nationals, all current or former members of the Syrian Electronic Army (SEA), were charged with multiple conspiracies related to computer hacking, according to two criminal complaints unsealed today in the U.S. District Court of the Eastern District of Virginia. Ahmad Umar Agha, 22, known online as “The Pro,” and Firas Dardar, 27, known…
Category: Of Note
NY: Treasure trove of Grand Street Medical Associates patient data exposed and indexed
Grand Street Medical Associates is a multi-disciplinary practice in Kingston, New York. At some point, what appears to be a vast amount of their patients’ protected health information was left exposed on an unsecured FTP server. The leak was discovered by a security researcher, who notified GSMA and then contacted DataBreaches.net on March 12. According…
KY: Ransomware incident at Methodist Hospital in Henderson (update2)
On March 15, Jessica Gavin reported: A cyber security breach, striking Methodist Hospital in Henderson. We’re learning the FBI is investigating this right now, but there’s some good news. [….] David Park, COO of Methodist, tells 14 NEWS the hackers have copied patients records and locked those copies. They’ve deleted the originals. “We’ve notified the FBI,…
Featured Story: Henry Ford Healthcare System: creating a culture of privacy
Over the past decade of reporting on healthcare sector breaches, I can probably count on one hand the number of entities who have impressed me that they really “get” that responding to a privacy breach is not primarily about data or statutory notifications. It’s about addressing any distrust or anxiety patients may feel about you protecting their confidentiality, because…
Security researcher investigating Bangladesh central bank cyber-heist kidnapped? (UPDATED)
Researching and reporting on data breaches has always had some element of risk attached. You can get accused of hacking, or you can get threatened with litigation. In Brian Krebs’s case, you can find yourself swatted. Or in my case, you can get threatened with infection of HIV. But with the exception of swatting, the rest pales…
Improper disclosure of research participants’ protected health information results in $3.9 million HIPAA settlement
There’s a follow-up to a breach I first noted on this blog in 2012 when Feinstein Institute for Medical Research issued a press release about a laptop stolen from a programmer’s car. Now HHS has issued a press release of its own: Improper disclosure of research participants’ protected health information results in $3.9 million HIPAA…